admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:38:20 +00:00
parent b3f6e8330f
commit 744e539b5e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 3758 additions and 3758 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
2007/0xxx/CVE-2007-0259.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0259",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070111 Ezboxx multiple vulnerabilities.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/456699/100/0/threaded"
},
{
"name" : "http://www.bugsec.com/articles.php?Security=20",
"refsource" : "MISC",
"url" : "http://www.bugsec.com/articles.php?Security=20"
},
{
"name" : "ADV-2007-0208",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0208"
},
{
"name" : "32829",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32829"
},
{
"name" : "33470",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33470"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0208",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0208"
},
{
"name": "http://www.bugsec.com/articles.php?Security=20",
"refsource": "MISC",
"url": "http://www.bugsec.com/articles.php?Security=20"
},
{
"name": "33470",
"refsource": "OSVDB",
"url": "http://osvdb.org/33470"
},
{
"name": "20070111 Ezboxx multiple vulnerabilities.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456699/100/0/threaded"
},
{
"name": "32829",
"refsource": "OSVDB",
"url": "http://osvdb.org/32829"
}
]
}
}

148
2007/0xxx/CVE-2007-0597.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0597",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070125 Aztek Forum 4.1 Multiple Vulnerabilities Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/458076/100/0/threaded"
},
{
"name" : "20070125 Re: Aztek Forum 4.1 Multiple Vulnerabilities Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/458123/100/0/threaded"
},
{
"name" : "http://acid-root.new.fr/poc/21070125.txt",
"refsource" : "MISC",
"url" : "http://acid-root.new.fr/poc/21070125.txt"
},
{
"name" : "33594",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33594"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://acid-root.new.fr/poc/21070125.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/poc/21070125.txt"
},
{
"name": "33594",
"refsource": "OSVDB",
"url": "http://osvdb.org/33594"
},
{
"name": "20070125 Aztek Forum 4.1 Multiple Vulnerabilities Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458076/100/0/threaded"
},
{
"name": "20070125 Re: Aztek Forum 4.1 Multiple Vulnerabilities Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458123/100/0/threaded"
}
]
}
}

158
2007/1xxx/CVE-2007-1392.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1392",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. (dot dot) in the file_to_download parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3435",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3435"
},
{
"name" : "22875",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22875"
},
{
"name" : "ADV-2007-0884",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0884"
},
{
"name" : "24449",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24449"
},
{
"name" : "netforo-down-directory-traversal(32878)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32878"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. (dot dot) in the file_to_download parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24449",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24449"
},
{
"name": "ADV-2007-0884",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0884"
},
{
"name": "3435",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3435"
},
{
"name": "22875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22875"
},
{
"name": "netforo-down-directory-traversal(32878)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32878"
}
]
}
}

208
2007/1xxx/CVE-2007-1770.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070404 ESRI ArcSDE Buffer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507"
},
{
"name" : "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260",
"refsource" : "CONFIRM",
"url" : "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260"
},
{
"name" : "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261",
"refsource" : "CONFIRM",
"url" : "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261"
},
{
"name" : "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262",
"refsource" : "CONFIRM",
"url" : "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262"
},
{
"name" : "23175",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23175"
},
{
"name" : "ADV-2007-1140",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1140"
},
{
"name" : "1017874",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017874"
},
{
"name" : "24639",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24639"
},
{
"name" : "arcsde-three-tiered-dos(33282)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33282"
},
{
"name" : "arcsde-tcpport-bo(33457)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33457"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017874",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017874"
},
{
"name": "23175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23175"
},
{
"name": "arcsde-tcpport-bo(33457)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33457"
},
{
"name": "24639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24639"
},
{
"name": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261",
"refsource": "CONFIRM",
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261"
},
{
"name": "arcsde-three-tiered-dos(33282)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33282"
},
{
"name": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262",
"refsource": "CONFIRM",
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262"
},
{
"name": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260",
"refsource": "CONFIRM",
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260"
},
{
"name": "20070404 ESRI ArcSDE Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507"
},
{
"name": "ADV-2007-1140",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1140"
}
]
}
}

168
2007/1xxx/CVE-2007-1892.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1892",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070416 Akamai Technologies Security Advisory 2007-0001",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/465908/100/0/threaded"
},
{
"name" : "23522",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23522"
},
{
"name" : "ADV-2007-1415",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1415"
},
{
"name" : "34324",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/34324"
},
{
"name" : "24900",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24900"
},
{
"name" : "akamai-download-manager-bo(33697)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33697"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34324",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34324"
},
{
"name": "20070416 Akamai Technologies Security Advisory 2007-0001",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465908/100/0/threaded"
},
{
"name": "24900",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24900"
},
{
"name": "akamai-download-manager-bo(33697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33697"
},
{
"name": "ADV-2007-1415",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1415"
},
{
"name": "23522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23522"
}
]
}
}

198
2007/3xxx/CVE-2007-3010.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3010",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070917 Alcatel-Lucent OmniPCX Remote Command Execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/479699/100/0/threaded"
},
{
"name" : "20070917 Alcatel-Lucent OmniPCX Remote Command Execution",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=119002152126755&w=2"
},
{
"name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php",
"refsource" : "MISC",
"url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php"
},
{
"name" : "http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm",
"refsource" : "CONFIRM",
"url" : "http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm"
},
{
"name" : "25694",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25694"
},
{
"name" : "ADV-2007-3185",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3185"
},
{
"name" : "40521",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40521"
},
{
"name" : "26853",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26853"
},
{
"name" : "alcatel-unified-mastercgi-command-execution(36632)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36632"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-3185",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3185"
},
{
"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php",
"refsource": "MISC",
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php"
},
{
"name": "http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm",
"refsource": "CONFIRM",
"url": "http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm"
},
{
"name": "26853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26853"
},
{
"name": "20070917 Alcatel-Lucent OmniPCX Remote Command Execution",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=119002152126755&w=2"
},
{
"name": "40521",
"refsource": "OSVDB",
"url": "http://osvdb.org/40521"
},
{
"name": "20070917 Alcatel-Lucent OmniPCX Remote Command Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479699/100/0/threaded"
},
{
"name": "alcatel-unified-mastercgi-command-execution(36632)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36632"
},
{
"name": "25694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25694"
}
]
}
}

808
2007/3xxx/CVE-2007-3304.json
View File

@ -1,407 +1,407 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3304",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070529 Apache httpd vulenrabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/469899/100/0/threaded"
},
{
"name" : "20070619 Apache Prefork MPM vulnerabilities - Report",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/471832/100/0/threaded"
},
{
"name" : "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/505990/100/0/threaded"
},
{
"name" : "[apache-httpd-dev] 20070622 Re: PID table changes (was Re: svn commit: r547987 - in /httpd/httpd/trunk)",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=apache-httpd-dev&m=118252946632447&w=2"
},
{
"name" : "[apache-httpd-dev] 20070629 Re: [PATCH] pid safety checks for 2.2.x",
"refsource" : "MLIST",
"url" : "http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032.GA15192@redhat.com%3e"
},
{
"name" : "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2009/000062.html"
},
{
"name" : "http://security.psnc.pl/files/apache_report.pdf",
"refsource" : "MISC",
"url" : "http://security.psnc.pl/files/apache_report.pdf"
},
{
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111",
"refsource" : "MISC",
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111"
},
{
"name" : "http://svn.apache.org/viewvc?view=rev&revision=547987",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=rev&revision=547987"
},
{
"name" : "http://httpd.apache.org/security/vulnerabilities_13.html",
"refsource" : "CONFIRM",
"url" : "http://httpd.apache.org/security/vulnerabilities_13.html"
},
{
"name" : "http://httpd.apache.org/security/vulnerabilities_20.html",
"refsource" : "CONFIRM",
"url" : "http://httpd.apache.org/security/vulnerabilities_20.html"
},
{
"name" : "http://httpd.apache.org/security/vulnerabilities_22.html",
"refsource" : "CONFIRM",
"url" : "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1710",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1710"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=186219",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=186219"
},
{
"name" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html",
"refsource" : "CONFIRM",
"url" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html"
},
{
"name" : "PK50467",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK50467&apar=only"
},
{
"name" : "PK52702",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702"
},
{
"name" : "PK53984",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK53984"
},
{
"name" : "FEDORA-2007-2214",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html"
},
{
"name" : "GLSA-200711-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200711-06.xml"
},
{
"name" : "HPSBUX02273",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588"
},
{
"name" : "SSRT071476",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588"
},
{
"name" : "MDKSA-2007:140",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:140"
},
{
"name" : "MDKSA-2007:142",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:142"
},
{
"name" : "RHSA-2007:0532",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/errata/RHSA-2007-0532.html"
},
{
"name" : "RHSA-2007:0556",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2007-0556.html"
},
{
"name" : "RHSA-2007:0557",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0557.html"
},
{
"name" : "RHSA-2007:0662",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0662.html"
},
{
"name" : "RHSA-2008:0261",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name" : "20070701-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc"
},
{
"name" : "103179",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1"
},
{
"name" : "200032",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1"
},
{
"name" : "SUSE-SA:2007:061",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"
},
{
"name" : "2007-0026",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2007/0026/"
},
{
"name" : "USN-499-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-499-1"
},
{
"name" : "24215",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24215"
},
{
"name" : "38939",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38939"
},
{
"name" : "oval:org.mitre.oval:def:11589",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11589"
},
{
"name" : "ADV-2007-2727",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2727"
},
{
"name" : "ADV-2007-3100",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3100"
},
{
"name" : "ADV-2007-3283",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3283"
},
{
"name" : "ADV-2007-3420",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3420"
},
{
"name" : "ADV-2007-3494",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3494"
},
{
"name" : "ADV-2007-4305",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4305"
},
{
"name" : "1018304",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018304"
},
{
"name" : "25827",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25827"
},
{
"name" : "25830",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25830"
},
{
"name" : "25920",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25920"
},
{
"name" : "26211",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26211"
},
{
"name" : "26273",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26273"
},
{
"name" : "26443",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26443"
},
{
"name" : "26508",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26508"
},
{
"name" : "26611",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26611"
},
{
"name" : "26759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26759"
},
{
"name" : "26790",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26790"
},
{
"name" : "26822",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26822"
},
{
"name" : "26842",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26842"
},
{
"name" : "26993",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26993"
},
{
"name" : "27121",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27121"
},
{
"name" : "27209",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27209"
},
{
"name" : "27563",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27563"
},
{
"name" : "27732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27732"
},
{
"name" : "28212",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28212"
},
{
"name" : "28224",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28224"
},
{
"name" : "28606",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28606"
},
{
"name" : "2814",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2814"
},
{
"name" : "ADV-2008-0233",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0233"
},
{
"name" : "apache-child-process-dos(35095)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35095"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28606",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28606"
},
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111",
"refsource": "MISC",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111"
},
{
"name": "MDKSA-2007:142",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:142"
},
{
"name": "26822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26822"
},
{
"name": "ADV-2007-4305",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4305"
},
{
"name": "ADV-2007-3420",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3420"
},
{
"name": "RHSA-2007:0557",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0557.html"
},
{
"name": "38939",
"refsource": "OSVDB",
"url": "http://osvdb.org/38939"
},
{
"name": "PK52702",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702"
},
{
"name": "MDKSA-2007:140",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:140"
},
{
"name": "HPSBUX02273",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588"
},
{
"name": "25827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25827"
},
{
"name": "25920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25920"
},
{
"name": "26993",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26993"
},
{
"name": "28212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28212"
},
{
"name": "http://security.psnc.pl/files/apache_report.pdf",
"refsource": "MISC",
"url": "http://security.psnc.pl/files/apache_report.pdf"
},
{
"name": "1018304",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018304"
},
{
"name": "27563",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27563"
},
{
"name": "27732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27732"
},
{
"name": "http://svn.apache.org/viewvc?view=rev&revision=547987",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=rev&revision=547987"
},
{
"name": "103179",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1"
},
{
"name": "27209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27209"
},
{
"name": "RHSA-2007:0662",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0662.html"
},
{
"name": "26790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26790"
},
{
"name": "RHSA-2007:0556",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0556.html"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_20.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_20.html"
},
{
"name": "SUSE-SA:2007:061",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"
},
{
"name": "20070529 Apache httpd vulenrabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469899/100/0/threaded"
},
{
"name": "FEDORA-2007-2214",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html"
},
{
"name": "[apache-httpd-dev] 20070622 Re: PID table changes (was Re: svn commit: r547987 - in /httpd/httpd/trunk)",
"refsource": "MLIST",
"url": "http://marc.info/?l=apache-httpd-dev&m=118252946632447&w=2"
},
{
"name": "26759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26759"
},
{
"name": "ADV-2007-3494",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3494"
},
{
"name": "PK50467",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK50467&apar=only"
},
{
"name": "2007-0026",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "RHSA-2007:0532",
"refsource": "REDHAT",
"url": "http://www.redhat.com/errata/RHSA-2007-0532.html"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_22.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-1710",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1710"
},
{
"name": "[apache-httpd-dev] 20070629 Re: [PATCH] pid safety checks for 2.2.x",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032.GA15192@redhat.com%3e"
},
{
"name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded"
},
{
"name": "2814",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2814"
},
{
"name": "oval:org.mitre.oval:def:11589",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11589"
},
{
"name": "27121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27121"
},
{
"name": "20070619 Apache Prefork MPM vulnerabilities - Report",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471832/100/0/threaded"
},
{
"name": "ADV-2008-0233",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0233"
},
{
"name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html",
"refsource": "CONFIRM",
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html"
},
{
"name": "26211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26211"
},
{
"name": "apache-child-process-dos(35095)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35095"
},
{
"name": "26443",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26443"
},
{
"name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_13.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_13.html"
},
{
"name": "GLSA-200711-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-06.xml"
},
{
"name": "28224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28224"
},
{
"name": "200032",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1"
},
{
"name": "25830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25830"
},
{
"name": "24215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24215"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm"
},
{
"name": "USN-499-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-499-1"
},
{
"name": "RHSA-2008:0261",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name": "26508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26508"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm"
},
{
"name": "26842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26842"
},
{
"name": "ADV-2007-3283",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3283"
},
{
"name": "20070701-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc"
},
{
"name": "PK53984",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK53984"
},
{
"name": "ADV-2007-2727",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2727"
},
{
"name": "26611",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26611"
},
{
"name": "26273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26273"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=186219",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=186219"
},
{
"name": "ADV-2007-3100",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3100"
},
{
"name": "SSRT071476",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588"
}
]
}
}

188
2007/3xxx/CVE-2007-3493.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3493",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4109",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4109"
},
{
"name" : "http://www.shinnai.altervista.org/exploits/ntcwavchunkstxt.html",
"refsource" : "MISC",
"url" : "http://www.shinnai.altervista.org/exploits/ntcwavchunkstxt.html"
},
{
"name" : "http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Exploits&argument=Remote&topic=1182845325.ff.php&page=last",
"refsource" : "MISC",
"url" : "http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Exploits&argument=Remote&topic=1182845325.ff.php&page=last"
},
{
"name" : "24656",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24656"
},
{
"name" : "ADV-2007-2351",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2351"
},
{
"name" : "37673",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37673"
},
{
"name" : "25851",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25851"
},
{
"name" : "nctaudiostudio2-createfile-file-overwrite(35081)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35081"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4109",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4109"
},
{
"name": "37673",
"refsource": "OSVDB",
"url": "http://osvdb.org/37673"
},
{
"name": "http://www.shinnai.altervista.org/exploits/ntcwavchunkstxt.html",
"refsource": "MISC",
"url": "http://www.shinnai.altervista.org/exploits/ntcwavchunkstxt.html"
},
{
"name": "25851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25851"
},
{
"name": "nctaudiostudio2-createfile-file-overwrite(35081)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35081"
},
{
"name": "24656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24656"
},
{
"name": "http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Exploits&argument=Remote&topic=1182845325.ff.php&page=last",
"refsource": "MISC",
"url": "http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Exploits&argument=Remote&topic=1182845325.ff.php&page=last"
},
{
"name": "ADV-2007-2351",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2351"
}
]
}
}

228
2007/3xxx/CVE-2007-3859.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3859",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf",
"refsource" : "MISC",
"url" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143"
},
{
"name" : "TA07-200A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-200A.html"
},
{
"name" : "ADV-2007-2562",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2562"
},
{
"name" : "ADV-2007-2635",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2635"
},
{
"name" : "1018415",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018415"
},
{
"name" : "26114",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26114"
},
{
"name" : "26166",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26166"
},
{
"name" : "oracle-cpu-july2007(35490)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35490"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143"
},
{
"name": "26114",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26114"
},
{
"name": "26166",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26166"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html"
},
{
"name": "TA07-200A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-200A.html"
},
{
"name": "ADV-2007-2562",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2562"
},
{
"name": "ADV-2007-2635",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2635"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143"
},
{
"name": "oracle-cpu-july2007(35490)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35490"
},
{
"name": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf",
"refsource": "MISC",
"url": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf"
},
{
"name": "1018415",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018415"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html"
}
]
}
}

188
2007/4xxx/CVE-2007-4530.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4530",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070823 Re: TeamSpeak 2 Server Vulnerabilities?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/477424/100/0/threaded"
},
{
"name" : "20070511 Teamspeak Server 2.0.20.1 Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0165.html"
},
{
"name" : "http://securityvulns.com/Rdocument6.html",
"refsource" : "MISC",
"url" : "http://securityvulns.com/Rdocument6.html"
},
{
"name" : "23933",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23933"
},
{
"name" : "36048",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36048"
},
{
"name" : "36049",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36049"
},
{
"name" : "25242",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25242"
},
{
"name" : "teamspeak-errorbox-okbox-xss(34252)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34252"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070823 Re: TeamSpeak 2 Server Vulnerabilities?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477424/100/0/threaded"
},
{
"name": "23933",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23933"
},
{
"name": "36048",
"refsource": "OSVDB",
"url": "http://osvdb.org/36048"
},
{
"name": "25242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25242"
},
{
"name": "http://securityvulns.com/Rdocument6.html",
"refsource": "MISC",
"url": "http://securityvulns.com/Rdocument6.html"
},
{
"name": "36049",
"refsource": "OSVDB",
"url": "http://osvdb.org/36049"
},
{
"name": "20070511 Teamspeak Server 2.0.20.1 Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0165.html"
},
{
"name": "teamspeak-errorbox-okbox-xss(34252)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34252"
}
]
}
}

128
2007/4xxx/CVE-2007-4605.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4605",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4332",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4332"
},
{
"name" : "vwar-mvcw-file-include(36316)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36316"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4332",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4332"
},
{
"name": "vwar-mvcw-file-include(36316)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36316"
}
]
}
}

148
2007/4xxx/CVE-2007-4958.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4958",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "25689",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25689"
},
{
"name" : "ADV-2007-3186",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3186"
},
{
"name" : "26841",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26841"
},
{
"name" : "tinywebgallery-multiple-scripts-xss(36644)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36644"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-3186",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3186"
},
{
"name": "26841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26841"
},
{
"name": "25689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25689"
},
{
"name": "tinywebgallery-multiple-scripts-xss(36644)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36644"
}
]
}
}

32
2014/5xxx/CVE-2014-5063.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5063",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5063",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2014/5xxx/CVE-2014-5854.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5854",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Windows Live Hotmail PUSH mail (aka com.clearhub.wl) application 1.00.97 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#525825",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/525825"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Live Hotmail PUSH mail (aka com.clearhub.wl) application 1.00.97 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#525825",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/525825"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

168
2015/2xxx/CVE-2015-2218.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2218",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "36086",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/36086"
},
{
"name" : "http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html",
"refsource" : "MISC",
"url" : "http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html"
},
{
"name" : "http://www.wonderplugin.com/wordpress-audio-player/",
"refsource" : "MISC",
"url" : "http://www.wonderplugin.com/wordpress-audio-player/"
},
{
"name" : "74851",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74851"
},
{
"name" : "118510",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/118510"
},
{
"name" : "118511",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/118511"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html",
"refsource": "MISC",
"url": "http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html"
},
{
"name": "118511",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/118511"
},
{
"name": "74851",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74851"
},
{
"name": "36086",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/36086"
},
{
"name": "118510",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/118510"
},
{
"name": "http://www.wonderplugin.com/wordpress-audio-player/",
"refsource": "MISC",
"url": "http://www.wonderplugin.com/wordpress-audio-player/"
}
]
}
}

148
2015/2xxx/CVE-2015-2311.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2311",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-2311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150317 Re: CVE Request: Cap'n Proto: Several issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/03/17/3"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780566",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780566"
},
{
"name" : "https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-1-c%2B%2B-integer-underflow.md",
"refsource" : "CONFIRM",
"url" : "https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-1-c%2B%2B-integer-underflow.md"
},
{
"name" : "https://github.com/capnproto/capnproto/commit/26bcceda72372211063d62aab7e45665faa83633",
"refsource" : "CONFIRM",
"url" : "https://github.com/capnproto/capnproto/commit/26bcceda72372211063d62aab7e45665faa83633"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780566",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780566"
},
{
"name": "[oss-security] 20150317 Re: CVE Request: Cap'n Proto: Several issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/17/3"
},
{
"name": "https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-1-c%2B%2B-integer-underflow.md",
"refsource": "CONFIRM",
"url": "https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-1-c%2B%2B-integer-underflow.md"
},
{
"name": "https://github.com/capnproto/capnproto/commit/26bcceda72372211063d62aab7e45665faa83633",
"refsource": "CONFIRM",
"url": "https://github.com/capnproto/capnproto/commit/26bcceda72372211063d62aab7e45665faa83633"
}
]
}
}

268
2015/2xxx/CVE-2015-2733.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2733",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-2733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-65.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-65.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1169867",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1169867"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name" : "GLSA-201512-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201512-10"
},
{
"name" : "RHSA-2015:1207",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1207.html"
},
{
"name" : "SUSE-SU-2015:1268",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"name" : "SUSE-SU-2015:1269",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"name" : "SUSE-SU-2015:1449",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"name" : "openSUSE-SU-2015:1266",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name" : "openSUSE-SU-2015:1229",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"name" : "USN-2656-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"name" : "USN-2656-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"name" : "75541",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75541"
},
{
"name" : "1032783",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032783"
},
{
"name" : "1032784",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032784"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:1229",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"name": "SUSE-SU-2015:1268",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"name": "GLSA-201512-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1169867",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1169867"
},
{
"name": "75541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75541"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "1032784",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032784"
},
{
"name": "RHSA-2015:1207",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1207.html"
},
{
"name": "SUSE-SU-2015:1269",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"name": "openSUSE-SU-2015:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-65.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-65.html"
},
{
"name": "USN-2656-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"name": "SUSE-SU-2015:1449",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"name": "1032783",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032783"
},
{
"name": "USN-2656-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}

118
2015/2xxx/CVE-2015-2881.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2015-2881",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Gynoii",
"version" : {
"version_data" : [
{
"version_value" : "Gynoii"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "backdoor"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gynoii",
"version": {
"version_data": [
{
"version_value": "Gynoii"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors",
"refsource" : "MISC",
"url" : "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "backdoor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors"
}
]
}
}

148
2015/2xxx/CVE-2015-2944.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2944",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-2944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://issues.apache.org/jira/browse/SLING-2082",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/jira/browse/SLING-2082"
},
{
"name" : "JVN#61328139",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN61328139/index.html"
},
{
"name" : "JVNDB-2015-000069",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000069"
},
{
"name" : "74839",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74839"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#61328139",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN61328139/index.html"
},
{
"name": "74839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74839"
},
{
"name": "https://issues.apache.org/jira/browse/SLING-2082",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/SLING-2082"
},
{
"name": "JVNDB-2015-000069",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000069"
}
]
}
}

32
2015/6xxx/CVE-2015-6213.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6213",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-6213",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

128
2015/6xxx/CVE-2015-6256.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6256",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150820 Cisco Aggregation Services Router ASR 5000 and ASR 5500 OSPF Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40585"
},
{
"name" : "1033355",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033355"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150820 Cisco Aggregation Services Router ASR 5000 and ASR 5500 OSPF Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40585"
},
{
"name": "1033355",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033355"
}
]
}
}

32
2015/6xxx/CVE-2015-6865.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6865",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-6865",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

32
2015/6xxx/CVE-2015-6888.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6888",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-6888",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

138
2015/7xxx/CVE-2015-7044.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7044",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-7044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205637",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205637"
},
{
"name" : "APPLE-SA-2015-12-08-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
},
{
"name" : "1034344",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034344"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT205637",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205637"
},
{
"name": "1034344",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034344"
},
{
"name": "APPLE-SA-2015-12-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
}
]
}
}

128
2015/7xxx/CVE-2015-7743.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7743",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://packetstormsecurity.com/files/137255/Paessler-PRTG-Network-Monitor-14.4.12.3282-XXE-Injection.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/137255/Paessler-PRTG-Network-Monitor-14.4.12.3282-XXE-Injection.html"
},
{
"name" : "https://www.paessler.com/prtg/history/stable#16.2.23.3077",
"refsource" : "CONFIRM",
"url" : "https://www.paessler.com/prtg/history/stable#16.2.23.3077"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/137255/Paessler-PRTG-Network-Monitor-14.4.12.3282-XXE-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/137255/Paessler-PRTG-Network-Monitor-14.4.12.3282-XXE-Injection.html"
},
{
"name": "https://www.paessler.com/prtg/history/stable#16.2.23.3077",
"refsource": "CONFIRM",
"url": "https://www.paessler.com/prtg/history/stable#16.2.23.3077"
}
]
}
}

138
2015/7xxx/CVE-2015-7754.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7754",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10712",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10712"
},
{
"name" : "79627",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/79627"
},
{
"name" : "1034490",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034490"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "79627",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79627"
},
{
"name": "1034490",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034490"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10712",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10712"
}
]
}
}

128
2015/7xxx/CVE-2015-7841.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7841",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allows remote attackers to bypass access restrictions and enter commands via unspecified parameters, as demonstrated by a \"user creation command.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm",
"refsource" : "CONFIRM",
"url" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm"
},
{
"name" : "76836",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76836"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allows remote attackers to bypass access restrictions and enter commands via unspecified parameters, as demonstrated by a \"user creation command.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm",
"refsource": "CONFIRM",
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm"
},
{
"name": "76836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76836"
}
]
}
}

118
2015/7xxx/CVE-2015-7921.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7921",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-7921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01"
}
]
}
}

32
2015/7xxx/CVE-2015-7982.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7982",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7982",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2016/0xxx/CVE-2016-0032.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0032",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"Exchange Spoofing Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-010",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-010"
},
{
"name" : "1034647",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034647"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"Exchange Spoofing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-010",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-010"
},
{
"name": "1034647",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034647"
}
]
}
}

168
2016/0xxx/CVE-2016-0128.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0128",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka \"Windows SAM and LSAD Downgrade Vulnerability\" or \"BADLOCK.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.samba.org/samba/security/CVE-2016-2118.html",
"refsource" : "MISC",
"url" : "https://www.samba.org/samba/security/CVE-2016-2118.html"
},
{
"name" : "http://badlock.org/",
"refsource" : "MISC",
"url" : "http://badlock.org/"
},
{
"name" : "https://bto.bluecoat.com/security-advisory/sa122",
"refsource" : "CONFIRM",
"url" : "https://bto.bluecoat.com/security-advisory/sa122"
},
{
"name" : "MS16-047",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-047"
},
{
"name" : "VU#813296",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/813296"
},
{
"name" : "1035534",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035534"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka \"Windows SAM and LSAD Downgrade Vulnerability\" or \"BADLOCK.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://badlock.org/",
"refsource": "MISC",
"url": "http://badlock.org/"
},
{
"name": "MS16-047",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-047"
},
{
"name": "VU#813296",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/813296"
},
{
"name": "https://www.samba.org/samba/security/CVE-2016-2118.html",
"refsource": "MISC",
"url": "https://www.samba.org/samba/security/CVE-2016-2118.html"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa122",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa122"
},
{
"name": "1035534",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035534"
}
]
}
}

118
2016/0xxx/CVE-2016-0735.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-0735",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[ranger-dev] 20160328 CVE update (CVE-2016-0735) - Fixed in Ranger 0.5.2",
"refsource" : "MLIST",
"url" : "http://mail-archives.apache.org/mod_mbox/ranger-dev/201603.mbox/%3CD31EE434.14B879%25vel%40apache.org%3E"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[ranger-dev] 20160328 CVE update (CVE-2016-0735) - Fixed in Ranger 0.5.2",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/ranger-dev/201603.mbox/%3CD31EE434.14B879%25vel%40apache.org%3E"
}
]
}
}

32
2016/1000xxx/CVE-2016-1000196.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1000196",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000196",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/10xxx/CVE-2016-10236.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-04-03T00:00:00",
"ID" : "CVE-2016-10236",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android kernel"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-04-03T00:00:00",
"ID": "CVE-2016-10236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name" : "97359",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97359"
},
{
"name" : "1038201",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038201"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name": "97359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97359"
},
{
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}
}

158
2016/1xxx/CVE-2016-1493.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1493",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/537327/100/0/threaded"
},
{
"name" : "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Jan/56"
},
{
"name" : "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html"
},
{
"name" : "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm"
},
{
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048&languageid=en-fr",
"refsource" : "CONFIRM",
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048&languageid=en-fr"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html"
},
{
"name": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm"
},
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048&languageid=en-fr"
},
{
"name": "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537327/100/0/threaded"
},
{
"name": "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jan/56"
}
]
}
}

418
2016/1xxx/CVE-2016-1695.json
View File

@ -1,212 +1,212 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1695",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html"
},
{
"name" : "https://crbug.com/582698",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/582698"
},
{
"name" : "https://crbug.com/582714",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/582714"
},
{
"name" : "https://crbug.com/585658",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/585658"
},
{
"name" : "https://crbug.com/587897",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/587897"
},
{
"name" : "https://crbug.com/588178",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/588178"
},
{
"name" : "https://crbug.com/588548",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/588548"
},
{
"name" : "https://crbug.com/595262",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/595262"
},
{
"name" : "https://crbug.com/599081",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/599081"
},
{
"name" : "https://crbug.com/599627",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/599627"
},
{
"name" : "https://crbug.com/602046",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/602046"
},
{
"name" : "https://crbug.com/602185",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/602185"
},
{
"name" : "https://crbug.com/605474",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/605474"
},
{
"name" : "https://crbug.com/607483",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/607483"
},
{
"name" : "https://crbug.com/609134",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/609134"
},
{
"name" : "https://crbug.com/610646",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/610646"
},
{
"name" : "https://crbug.com/611887",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/611887"
},
{
"name" : "https://crbug.com/612132",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/612132"
},
{
"name" : "https://crbug.com/612364",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/612364"
},
{
"name" : "https://crbug.com/612613",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/612613"
},
{
"name" : "https://crbug.com/614767",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/614767"
},
{
"name" : "https://www.tenable.com/security/tns-2016-18",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-18"
},
{
"name" : "DSA-3590",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3590"
},
{
"name" : "GLSA-201607-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201607-07"
},
{
"name" : "RHSA-2016:1190",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1190"
},
{
"name" : "openSUSE-SU-2016:1430",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html"
},
{
"name" : "openSUSE-SU-2016:1433",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html"
},
{
"name" : "openSUSE-SU-2016:1496",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"name" : "USN-2992-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2992-1"
},
{
"name" : "90876",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90876"
},
{
"name" : "1035981",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035981"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/582714",
"refsource": "CONFIRM",
"url": "https://crbug.com/582714"
},
{
"name": "https://crbug.com/602185",
"refsource": "CONFIRM",
"url": "https://crbug.com/602185"
},
{
"name": "https://crbug.com/614767",
"refsource": "CONFIRM",
"url": "https://crbug.com/614767"
},
{
"name": "https://crbug.com/599081",
"refsource": "CONFIRM",
"url": "https://crbug.com/599081"
},
{
"name": "https://crbug.com/588178",
"refsource": "CONFIRM",
"url": "https://crbug.com/588178"
},
{
"name": "90876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90876"
},
{
"name": "https://crbug.com/611887",
"refsource": "CONFIRM",
"url": "https://crbug.com/611887"
},
{
"name": "https://crbug.com/612132",
"refsource": "CONFIRM",
"url": "https://crbug.com/612132"
},
{
"name": "https://crbug.com/610646",
"refsource": "CONFIRM",
"url": "https://crbug.com/610646"
},
{
"name": "https://crbug.com/605474",
"refsource": "CONFIRM",
"url": "https://crbug.com/605474"
},
{
"name": "openSUSE-SU-2016:1496",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"name": "1035981",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035981"
},
{
"name": "DSA-3590",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3590"
},
{
"name": "https://crbug.com/602046",
"refsource": "CONFIRM",
"url": "https://crbug.com/602046"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html"
},
{
"name": "https://crbug.com/607483",
"refsource": "CONFIRM",
"url": "https://crbug.com/607483"
},
{
"name": "https://crbug.com/585658",
"refsource": "CONFIRM",
"url": "https://crbug.com/585658"
},
{
"name": "USN-2992-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2992-1"
},
{
"name": "openSUSE-SU-2016:1430",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html"
},
{
"name": "https://www.tenable.com/security/tns-2016-18",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"name": "https://crbug.com/582698",
"refsource": "CONFIRM",
"url": "https://crbug.com/582698"
},
{
"name": "RHSA-2016:1190",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1190"
},
{
"name": "https://crbug.com/612364",
"refsource": "CONFIRM",
"url": "https://crbug.com/612364"
},
{
"name": "https://crbug.com/599627",
"refsource": "CONFIRM",
"url": "https://crbug.com/599627"
},
{
"name": "https://crbug.com/587897",
"refsource": "CONFIRM",
"url": "https://crbug.com/587897"
},
{
"name": "https://crbug.com/609134",
"refsource": "CONFIRM",
"url": "https://crbug.com/609134"
},
{
"name": "https://crbug.com/595262",
"refsource": "CONFIRM",
"url": "https://crbug.com/595262"
},
{
"name": "https://crbug.com/588548",
"refsource": "CONFIRM",
"url": "https://crbug.com/588548"
},
{
"name": "GLSA-201607-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-07"
},
{
"name": "https://crbug.com/612613",
"refsource": "CONFIRM",
"url": "https://crbug.com/612613"
},
{
"name": "openSUSE-SU-2016:1433",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html"
}
]
}
}

148
2016/1xxx/CVE-2016-1774.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1774",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-1774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT206173",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206173"
},
{
"name" : "APPLE-SA-2016-03-21-7",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
},
{
"name" : "85054",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/85054"
},
{
"name" : "1035342",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035342"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035342",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035342"
},
{
"name": "85054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85054"
},
{
"name": "https://support.apple.com/HT206173",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206173"
},
{
"name": "APPLE-SA-2016-03-21-7",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
}
]
}
}

138
2016/4xxx/CVE-2016-4212.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4212",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html"
},
{
"name" : "91716",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91716"
},
{
"name" : "1036281",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036281"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91716"
},
{
"name": "1036281",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036281"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html"
}
]
}
}

32
2016/4xxx/CVE-2016-4943.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4943",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4943",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2019/1003xxx/CVE-2019-1003036.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2019-03-06T22:44:37.386888",
"ID" : "CVE-2019-1003036",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Azure VM Agents Plugin",
"version" : {
"version_data" : [
{
"version_value" : "0.8.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285, CWE-352"
}
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-03-06T22:44:37.386888",
"ID": "CVE-2019-1003036",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Azure VM Agents Plugin",
"version": {
"version_data": [
{
"version_value": "0.8.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1331",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1331"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285, CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1331",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1331"
}
]
}
}

32
2019/3xxx/CVE-2019-3088.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3088",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3088",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/3xxx/CVE-2019-3171.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3171",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3171",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/3xxx/CVE-2019-3182.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3182",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3182",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/3xxx/CVE-2019-3597.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3597",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3597",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/4xxx/CVE-2019-4255.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4255",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4255",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/4xxx/CVE-2019-4463.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4463",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4463",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/4xxx/CVE-2019-4676.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4676",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4676",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/4xxx/CVE-2019-4914.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4914",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4914",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2019/6xxx/CVE-2019-6521.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2019-6521",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-6521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01"
},
{
"name" : "106722",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106722"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01"
},
{
"name": "106722",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106722"
}
]
}
}

130
2019/6xxx/CVE-2019-6539.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2019-02-05T00:00:00",
"ID" : "CVE-2019-6539",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WECON LeviStudioU",
"version" : {
"version_data" : [
{
"version_value" : "LeviStudioU Versions 1.8.56 and prior"
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow CWE-122"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-02-05T00:00:00",
"ID": "CVE-2019-6539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WECON LeviStudioU",
"version": {
"version_data": [
{
"version_value": "LeviStudioU Versions 1.8.56 and prior"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"
},
{
"name" : "106861",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106861"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based buffer overflow CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106861"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"
}
]
}
}

32
2019/7xxx/CVE-2019-7588.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7588",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7588",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2019/7xxx/CVE-2019-7636.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7636",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
},
{
"name" : "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
},
{
"name" : "https://bugzilla.libsdl.org/show_bug.cgi?id=4499",
"refsource" : "MISC",
"url" : "https://bugzilla.libsdl.org/show_bug.cgi?id=4499"
},
{
"name" : "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720",
"refsource" : "MISC",
"url" : "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
},
{
"name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
},
{
"name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4499",
"refsource": "MISC",
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4499"
},
{
"name": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720",
"refsource": "MISC",
"url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
}
]
}
}

32
2019/7xxx/CVE-2019-7804.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7804",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7804",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/8xxx/CVE-2019-8668.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8668",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8668",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/8xxx/CVE-2019-8837.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8837",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8837",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2019/8xxx/CVE-2019-8903.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8903",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.js in Total.js Platform before 3.2.3 allows path traversal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7",
"refsource" : "MISC",
"url" : "https://github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7"
},
{
"name" : "https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b",
"refsource" : "MISC",
"url" : "https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.js in Total.js Platform before 3.2.3 allows path traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7",
"refsource": "MISC",
"url": "https://github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7"
},
{
"name": "https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b",
"refsource": "MISC",
"url": "https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b"
}
]
}
}

32
2019/9xxx/CVE-2019-9445.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9445",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9445",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/9xxx/CVE-2019-9479.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9479",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9479",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2019/9xxx/CVE-2019-9640.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9640",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.php.net/bug.php?id=77540",
"refsource" : "MISC",
"url" : "https://bugs.php.net/bug.php?id=77540"
},
{
"name" : "DSA-4403",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2019/dsa-4403"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4403",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4403"
},
{
"name": "https://bugs.php.net/bug.php?id=77540",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77540"
}
]
}
}

32
2019/9xxx/CVE-2019-9758.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9758",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9758",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}