admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:58:40 +00:00
parent 2490288a37
commit 816fc5e7a2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4033 additions and 4033 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2006/5xxx/CVE-2006-5384.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5384",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in modification/SendAlertEmail.php in CDS Software Consortium CDS Agenda 4.2.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AGE parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2540",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2540"
},
{
"name" : "20508",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20508"
},
{
"name" : "ADV-2006-4048",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4048"
},
{
"name" : "22416",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22416"
},
{
"name" : "cdsagenda-send-file-include(29519)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29519"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in modification/SendAlertEmail.php in CDS Software Consortium CDS Agenda 4.2.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AGE parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cdsagenda-send-file-include(29519)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29519"
},
{
"name": "2540",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2540"
},
{
"name": "ADV-2006-4048",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4048"
},
{
"name": "20508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20508"
},
{
"name": "22416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22416"
}
]
}
}

190
2007/2xxx/CVE-2007-2391.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2391",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070613 Apple Safari: cookie stealing",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/471255/100/0/threaded"
},
{
"name" : "20070613 Re: [Full-disclosure] Apple Safari: cookie stealing",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/471266/100/0/threaded"
},
{
"name" : "APPLE-SA-2007-06-14",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html"
},
{
"name" : "24457",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24457"
},
{
"name" : "36605",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36605"
},
{
"name" : "ADV-2007-2192",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2192"
},
{
"name" : "1018238",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018238"
},
{
"name" : "safari-settimeout-security-bypass(34847)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34847"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "safari-settimeout-security-bypass(34847)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34847"
},
{
"name": "ADV-2007-2192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2192"
},
{
"name": "20070613 Re: [Full-disclosure] Apple Safari: cookie stealing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471266/100/0/threaded"
},
{
"name": "24457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24457"
},
{
"name": "1018238",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018238"
},
{
"name": "20070613 Apple Safari: cookie stealing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471255/100/0/threaded"
},
{
"name": "36605",
"refsource": "OSVDB",
"url": "http://osvdb.org/36605"
},
{
"name": "APPLE-SA-2007-06-14",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html"
}
]
}
}

140
2007/3xxx/CVE-2007-3311.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3311",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070327 Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/463916/100/0/threaded"
},
{
"name" : "3588",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3588"
},
{
"name" : "2817",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2817"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3588",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3588"
},
{
"name": "20070327 Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463916/100/0/threaded"
},
{
"name": "2817",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2817"
}
]
}
}

160
2007/3xxx/CVE-2007-3685.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3685",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml",
"refsource" : "MISC",
"url" : "http://www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml"
},
{
"name" : "24840",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24840"
},
{
"name" : "35935",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/35935"
},
{
"name" : "25985",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25985"
},
{
"name" : "unobtrusive-ajax-rpc-xss(35326)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35326"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25985"
},
{
"name": "http://www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml",
"refsource": "MISC",
"url": "http://www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml"
},
{
"name": "unobtrusive-ajax-rpc-xss(35326)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35326"
},
{
"name": "24840",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24840"
},
{
"name": "35935",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35935"
}
]
}
}

220
2007/3xxx/CVE-2007-3752.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3752",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070906 iTunes 7.3.x - Heap overflow in album cover parsing",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/478750/100/0/threaded"
},
{
"name" : "https://www.isecpartners.com/advisories/2007-005-itunes.txt",
"refsource" : "MISC",
"url" : "https://www.isecpartners.com/advisories/2007-005-itunes.txt"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=306404",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=306404"
},
{
"name" : "APPLE-SA-2007-09-06",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Sep/msg00000.html"
},
{
"name" : "25567",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25567"
},
{
"name" : "oval:org.mitre.oval:def:17303",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17303"
},
{
"name" : "ADV-2007-3073",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3073"
},
{
"name" : "38528",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38528"
},
{
"name" : "1018658",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018658"
},
{
"name" : "26725",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26725"
},
{
"name" : "itunes-music-file-bo(36485)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36485"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25567",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25567"
},
{
"name": "ADV-2007-3073",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3073"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306404",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306404"
},
{
"name": "20070906 iTunes 7.3.x - Heap overflow in album cover parsing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/478750/100/0/threaded"
},
{
"name": "26725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26725"
},
{
"name": "38528",
"refsource": "OSVDB",
"url": "http://osvdb.org/38528"
},
{
"name": "APPLE-SA-2007-09-06",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00000.html"
},
{
"name": "https://www.isecpartners.com/advisories/2007-005-itunes.txt",
"refsource": "MISC",
"url": "https://www.isecpartners.com/advisories/2007-005-itunes.txt"
},
{
"name": "oval:org.mitre.oval:def:17303",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17303"
},
{
"name": "itunes-music-file-bo(36485)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36485"
},
{
"name": "1018658",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018658"
}
]
}
}

150
2007/3xxx/CVE-2007-3989.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3989",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in default.asp in Dora Emlak 1.0, when the goster parameter is set to iletisim, allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz and (2) Soyadiniz parameters; and possibly other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "25004",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25004"
},
{
"name" : "ADV-2007-2605",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2605"
},
{
"name" : "26173",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26173"
},
{
"name" : "doraemlakscript-default-xss(35553)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35553"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in default.asp in Dora Emlak 1.0, when the goster parameter is set to iletisim, allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz and (2) Soyadiniz parameters; and possibly other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26173"
},
{
"name": "ADV-2007-2605",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2605"
},
{
"name": "doraemlakscript-default-xss(35553)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35553"
},
{
"name": "25004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25004"
}
]
}
}

34
2007/6xxx/CVE-2007-6023.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6023",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6023",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2007/6xxx/CVE-2007-6249.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6249",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev",
"refsource" : "CONFIRM",
"url" : "http://sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=193589",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=193589"
},
{
"name" : "GLSA-200712-11",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200712-11.xml"
},
{
"name" : "26864",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26864"
},
{
"name" : "42636",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/42636"
},
{
"name" : "1019097",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019097"
},
{
"name" : "28094",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28094"
},
{
"name" : "portage-etcupdate-information-disclosure(39035)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39035"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev",
"refsource": "CONFIRM",
"url": "http://sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev"
},
{
"name": "28094",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28094"
},
{
"name": "portage-etcupdate-information-disclosure(39035)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39035"
},
{
"name": "26864",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26864"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=193589",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=193589"
},
{
"name": "42636",
"refsource": "OSVDB",
"url": "http://osvdb.org/42636"
},
{
"name": "1019097",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019097"
},
{
"name": "GLSA-200712-11",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200712-11.xml"
}
]
}
}

200
2007/6xxx/CVE-2007-6538.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6538",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071221 Moodle SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485434/100/0/threaded"
},
{
"name" : "20071222 Re: Moodle SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485455/100/200/threaded"
},
{
"name" : "20071222 Re: Re: Moodle SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485459/100/200/threaded"
},
{
"name" : "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1&r2=1.2",
"refsource" : "CONFIRM",
"url" : "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1&r2=1.2"
},
{
"name" : "26977",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26977"
},
{
"name" : "39619",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39619"
},
{
"name" : "28198",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28198"
},
{
"name" : "3492",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3492"
},
{
"name" : "moodle-viewentry-sql-injection(39190)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39190"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28198"
},
{
"name": "20071222 Re: Re: Moodle SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485459/100/200/threaded"
},
{
"name": "20071222 Re: Moodle SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485455/100/200/threaded"
},
{
"name": "3492",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3492"
},
{
"name": "39619",
"refsource": "OSVDB",
"url": "http://osvdb.org/39619"
},
{
"name": "moodle-viewentry-sql-injection(39190)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39190"
},
{
"name": "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1&r2=1.2",
"refsource": "CONFIRM",
"url": "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1&r2=1.2"
},
{
"name": "20071221 Moodle SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485434/100/0/threaded"
},
{
"name": "26977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26977"
}
]
}
}

300
2007/6xxx/CVE-2007-6694.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6694",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20071122 [PATCH] PPC: CHRP - fix possible NULL pointer dereference",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-kernel&m=119576191029571&w=2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=396751",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=396751"
},
{
"name" : "DSA-1503",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1503"
},
{
"name" : "DSA-1504",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1504"
},
{
"name" : "DSA-1565",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1565"
},
{
"name" : "RHSA-2008:0055",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0055.html"
},
{
"name" : "RHSA-2008:0154",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0154.html"
},
{
"name" : "USN-614-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/614-1/"
},
{
"name" : "USN-618-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-618-1"
},
{
"name" : "27555",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27555"
},
{
"name" : "oval:org.mitre.oval:def:11215",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11215"
},
{
"name" : "ADV-2008-0380",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0380"
},
{
"name" : "28696",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28696"
},
{
"name" : "28748",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28748"
},
{
"name" : "29058",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29058"
},
{
"name" : "29236",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29236"
},
{
"name" : "30515",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30515"
},
{
"name" : "30769",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30769"
},
{
"name" : "30018",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30018"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27555"
},
{
"name": "RHSA-2008:0154",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0154.html"
},
{
"name": "USN-618-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-618-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=396751",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=396751"
},
{
"name": "DSA-1565",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1565"
},
{
"name": "DSA-1504",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1504"
},
{
"name": "28696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28696"
},
{
"name": "29236",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29236"
},
{
"name": "30515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30515"
},
{
"name": "USN-614-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/614-1/"
},
{
"name": "DSA-1503",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1503"
},
{
"name": "28748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28748"
},
{
"name": "oval:org.mitre.oval:def:11215",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11215"
},
{
"name": "29058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29058"
},
{
"name": "ADV-2008-0380",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0380"
},
{
"name": "30769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30769"
},
{
"name": "30018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30018"
},
{
"name": "RHSA-2008:0055",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0055.html"
},
{
"name": "[linux-kernel] 20071122 [PATCH] PPC: CHRP - fix possible NULL pointer dereference",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-kernel&m=119576191029571&w=2"
}
]
}
}

140
2010/0xxx/CVE-2010-0218.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0218",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-0218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[bind-announce] 20100928 Security Advisory Regarding Unexpected ACL Behavior in BIND 9.7.2",
"refsource" : "MLIST",
"url" : "https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html"
},
{
"name" : "http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html",
"refsource" : "CONFIRM",
"url" : "http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html"
},
{
"name" : "VU#784855",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/784855"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[bind-announce] 20100928 Security Advisory Regarding Unexpected ACL Behavior in BIND 9.7.2",
"refsource": "MLIST",
"url": "https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html"
},
{
"name": "http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html",
"refsource": "CONFIRM",
"url": "http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html"
},
{
"name": "VU#784855",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/784855"
}
]
}
}

150
2010/0xxx/CVE-2010-0706.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0706",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the login/prompt component in Subex Nikira Fraud Management System allows remote attackers to inject arbitrary web script or HTML via the message parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.packetstormsecurity.org/1002-exploits/nikara-xss.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.org/1002-exploits/nikara-xss.txt"
},
{
"name" : "38311",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38311"
},
{
"name" : "38564",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38564"
},
{
"name" : "nfms-message-xss(56393)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56393"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the login/prompt component in Subex Nikira Fraud Management System allows remote attackers to inject arbitrary web script or HTML via the message parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38564"
},
{
"name": "http://www.packetstormsecurity.org/1002-exploits/nikara-xss.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.org/1002-exploits/nikara-xss.txt"
},
{
"name": "nfms-message-xss(56393)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56393"
},
{
"name": "38311",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38311"
}
]
}
}

120
2010/1xxx/CVE-2010-1076.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1076",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "38688",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38688"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38688"
}
]
}
}

150
2010/1xxx/CVE-2010-1264.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1264",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka \"Sharepoint Help Page Denial of Service Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-1264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-039",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039"
},
{
"name" : "TA10-159B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name" : "40559",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40559"
},
{
"name" : "oval:org.mitre.oval:def:7241",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7241"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka \"Sharepoint Help Page Denial of Service Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS10-039",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039"
},
{
"name": "oval:org.mitre.oval:def:7241",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7241"
},
{
"name": "40559",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40559"
},
{
"name": "TA10-159B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
]
}
}

170
2010/1xxx/CVE-2010-1266.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php; the (5) modules and (6) copyright parameters to template/calm/footer.php; the (7) menu parameter to template/calm/top.php; and the (8) modules, (9) copyright, and (10) menu parameters to template/wm025/footer.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://inj3ct0r.com/exploits/11394",
"refsource" : "MISC",
"url" : "http://inj3ct0r.com/exploits/11394"
},
{
"name" : "http://packetstormsecurity.org/1003-exploits/webmaid-rfilfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1003-exploits/webmaid-rfilfi.txt"
},
{
"name" : "11831",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11831"
},
{
"name" : "38993",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38993"
},
{
"name" : "ADV-2010-0674",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0674"
},
{
"name" : "webmaidcms-index-file-include(57059)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57059"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php; the (5) modules and (6) copyright parameters to template/calm/footer.php; the (7) menu parameter to template/calm/top.php; and the (8) modules, (9) copyright, and (10) menu parameters to template/wm025/footer.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0674",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0674"
},
{
"name": "webmaidcms-index-file-include(57059)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57059"
},
{
"name": "11831",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11831"
},
{
"name": "38993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38993"
},
{
"name": "http://inj3ct0r.com/exploits/11394",
"refsource": "MISC",
"url": "http://inj3ct0r.com/exploits/11394"
},
{
"name": "http://packetstormsecurity.org/1003-exploits/webmaid-rfilfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1003-exploits/webmaid-rfilfi.txt"
}
]
}
}

130
2010/5xxx/CVE-2010-5267.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5267",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in MunSoft Easy Office Recovery 1.1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .doc, .xls, or .ppt file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1009-exploits/seasyofficerecovery-dllhijack.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1009-exploits/seasyofficerecovery-dllhijack.txt"
},
{
"name" : "41584",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41584"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in MunSoft Easy Office Recovery 1.1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .doc, .xls, or .ppt file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41584"
},
{
"name": "http://packetstormsecurity.org/1009-exploits/seasyofficerecovery-dllhijack.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/seasyofficerecovery-dllhijack.txt"
}
]
}
}

210
2014/0xxx/CVE-2014-0095.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0095",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a \"Content-Length: 0\" AJP request to trigger a hang in request processing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140527 [SECURITY] CVE-2014-0095 Apache Tomcat denial of service",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/May/134"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1578392",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1578392"
},
{
"name" : "http://tomcat.apache.org/security-8.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-8.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "67673",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67673"
},
{
"name" : "1030300",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030300"
},
{
"name" : "59873",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59873"
},
{
"name" : "60729",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60729"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a \"Content-Length: 0\" AJP request to trigger a hang in request processing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"name": "20140527 [SECURITY] CVE-2014-0095 Apache Tomcat denial of service",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/134"
},
{
"name": "http://tomcat.apache.org/security-8.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"name": "59873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59873"
},
{
"name": "67673",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67673"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1578392",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1578392"
},
{
"name": "1030300",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030300"
},
{
"name": "60729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60729"
}
]
}
}

170
2014/0xxx/CVE-2014-0272.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0272",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-0272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-010",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010"
},
{
"name" : "65370",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65370"
},
{
"name" : "103171",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/103171"
},
{
"name" : "1029741",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029741"
},
{
"name" : "56796",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56796"
},
{
"name" : "ms-ie-cve20140272-code-exec(90762)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90762"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-010",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010"
},
{
"name": "1029741",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029741"
},
{
"name": "56796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56796"
},
{
"name": "ms-ie-cve20140272-code-exec(90762)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90762"
},
{
"name": "65370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65370"
},
{
"name": "103171",
"refsource": "OSVDB",
"url": "http://osvdb.org/103171"
}
]
}
}

160
2014/0xxx/CVE-2014-0504.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0504",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2014-0504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html"
},
{
"name" : "GLSA-201405-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201405-04.xml"
},
{
"name" : "RHSA-2014:0289",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0289.html"
},
{
"name" : "openSUSE-SU-2014:0379",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html"
},
{
"name" : "SUSE-SU-2014:0387",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:0379",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html"
},
{
"name": "SUSE-SU-2014:0387",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html"
},
{
"name": "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html"
},
{
"name": "GLSA-201405-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"
},
{
"name": "RHSA-2014:0289",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0289.html"
}
]
}
}

150
2014/0xxx/CVE-2014-0817.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-0817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cs.cybozu.co.jp/information/gr20140225up03.php",
"refsource" : "CONFIRM",
"url" : "http://cs.cybozu.co.jp/information/gr20140225up03.php"
},
{
"name" : "https://support.cybozu.com/ja-jp/article/7992",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/7992"
},
{
"name" : "JVN#24035499",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN24035499/index.html"
},
{
"name" : "JVNDB-2014-000021",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/gr20140225up03.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/gr20140225up03.php"
},
{
"name": "https://support.cybozu.com/ja-jp/article/7992",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/7992"
},
{
"name": "JVNDB-2014-000021",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021"
},
{
"name": "JVN#24035499",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN24035499/index.html"
}
]
}
}

140
2014/0xxx/CVE-2014-0849.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0849",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name" : "IV53952",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53952"
},
{
"name" : "ibm-maximo-cve20140849-sec-bypass(90738)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90738"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "IV53952",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53952"
},
{
"name": "ibm-maximo-cve20140849-sec-bypass(90738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90738"
}
]
}
}

160
2014/1xxx/CVE-2014-1496.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1496",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-16.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-16.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=925747",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=925747"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "GLSA-201504-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-01"
},
{
"name" : "SUSE-SU-2014:0418",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=925747",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=925747"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "SUSE-SU-2014:0418",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-16.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-16.html"
}
]
}
}

380
2014/1xxx/CVE-2014-1578.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-77.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-77.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1063327",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1063327"
},
{
"name" : "https://advisories.mageia.org/MGASA-2014-0421.html",
"refsource" : "CONFIRM",
"url" : "https://advisories.mageia.org/MGASA-2014-0421.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "DSA-3050",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3050"
},
{
"name" : "DSA-3061",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3061"
},
{
"name" : "FEDORA-2014-13042",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html"
},
{
"name" : "FEDORA-2014-14084",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html"
},
{
"name" : "GLSA-201504-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-01"
},
{
"name" : "RHSA-2014:1635",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1635.html"
},
{
"name" : "RHSA-2014:1647",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1647.html"
},
{
"name" : "openSUSE-SU-2014:1343",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html"
},
{
"name" : "openSUSE-SU-2014:1346",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html"
},
{
"name" : "openSUSE-SU-2014:1344",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html"
},
{
"name" : "openSUSE-SU-2014:1345",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html"
},
{
"name" : "openSUSE-SU-2015:0138",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
},
{
"name" : "openSUSE-SU-2015:1266",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name" : "USN-2372-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2372-1"
},
{
"name" : "USN-2373-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2373-1"
},
{
"name" : "70428",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70428"
},
{
"name" : "1031028",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031028"
},
{
"name" : "1031030",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031030"
},
{
"name" : "61387",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61387"
},
{
"name" : "61854",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61854"
},
{
"name" : "62021",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62021"
},
{
"name" : "62022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62022"
},
{
"name" : "62023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62023"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62021"
},
{
"name": "openSUSE-SU-2015:0138",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
},
{
"name": "openSUSE-SU-2014:1344",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html"
},
{
"name": "openSUSE-SU-2014:1346",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html"
},
{
"name": "FEDORA-2014-13042",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html"
},
{
"name": "1031028",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031028"
},
{
"name": "openSUSE-SU-2014:1345",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html"
},
{
"name": "USN-2373-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2373-1"
},
{
"name": "https://advisories.mageia.org/MGASA-2014-0421.html",
"refsource": "CONFIRM",
"url": "https://advisories.mageia.org/MGASA-2014-0421.html"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1063327",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1063327"
},
{
"name": "RHSA-2014:1635",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1635.html"
},
{
"name": "FEDORA-2014-14084",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html"
},
{
"name": "RHSA-2014:1647",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1647.html"
},
{
"name": "61387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61387"
},
{
"name": "USN-2372-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2372-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "62022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62022"
},
{
"name": "70428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70428"
},
{
"name": "openSUSE-SU-2015:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "1031030",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031030"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-77.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-77.html"
},
{
"name": "62023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62023"
},
{
"name": "openSUSE-SU-2014:1343",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html"
},
{
"name": "DSA-3050",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3050"
},
{
"name": "61854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61854"
},
{
"name": "DSA-3061",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3061"
}
]
}
}

170
2014/1xxx/CVE-2014-1699.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1699",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01"
},
{
"name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf"
},
{
"name" : "65347",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65347"
},
{
"name" : "102812",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102812"
},
{
"name" : "56651",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56651"
},
{
"name" : "simatic-wincc-cve20141699-dos(90936)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90936"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102812",
"refsource": "OSVDB",
"url": "http://osvdb.org/102812"
},
{
"name": "simatic-wincc-cve20141699-dos(90936)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90936"
},
{
"name": "65347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65347"
},
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf"
},
{
"name": "56651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56651"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01"
}
]
}
}

150
2014/4xxx/CVE-2014-4150.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4150",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-4150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140613 Re: CVE request: scheme48: insecure use of temporary files in cmuscheme48.el",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/06/13/5"
},
{
"name" : "http://www.s48.org/cgi-bin/hgwebdir.cgi/s48/rev/a44624256297",
"refsource" : "CONFIRM",
"url" : "http://www.s48.org/cgi-bin/hgwebdir.cgi/s48/rev/a44624256297"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748766",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748766"
},
{
"name" : "67654",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67654"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748766",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748766"
},
{
"name": "http://www.s48.org/cgi-bin/hgwebdir.cgi/s48/rev/a44624256297",
"refsource": "CONFIRM",
"url": "http://www.s48.org/cgi-bin/hgwebdir.cgi/s48/rev/a44624256297"
},
{
"name": "[oss-security] 20140613 Re: CVE request: scheme48: insecure use of temporary files in cmuscheme48.el",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/13/5"
},
{
"name": "67654",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67654"
}
]
}
}

880
2014/4xxx/CVE-2014-4244.json
View File

@ -1,442 +1,442 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4244",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681966",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681966"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10083",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10083"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683429",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683429"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683438",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683438"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685121",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685121"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685122",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685122"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685178",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685178"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685242",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685242"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686142",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686142"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686383",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686383"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686824",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686824"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688893",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688893"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21689593",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21689593"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21683518",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21683518"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683338",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683338"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683484",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683484"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680334",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680334"
},
{
"name" : "https://www.ibm.com/support/docview.wss?uid=swg21680418",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=swg21680418"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681379",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681379"
},
{
"name" : "DSA-2980",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2980"
},
{
"name" : "DSA-2987",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2987"
},
{
"name" : "GLSA-201502-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name" : "HPSBUX03091",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "HPSBUX03092",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name" : "SSRT101667",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "SSRT101668",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name" : "RHSA-2015:0264",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html"
},
{
"name" : "RHSA-2014:0902",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0902"
},
{
"name" : "RHSA-2014:0908",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0908"
},
{
"name" : "SUSE-SU-2015:0344",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
},
{
"name" : "SUSE-SU-2015:0376",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html"
},
{
"name" : "SUSE-SU-2015:0392",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
},
{
"name" : "68624",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68624"
},
{
"name" : "1030577",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030577"
},
{
"name" : "59503",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59503"
},
{
"name" : "60245",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60245"
},
{
"name" : "60326",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60326"
},
{
"name" : "60831",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60831"
},
{
"name" : "60890",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60890"
},
{
"name" : "58830",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58830"
},
{
"name" : "61050",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61050"
},
{
"name" : "61215",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61215"
},
{
"name" : "61278",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61278"
},
{
"name" : "61293",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61293"
},
{
"name" : "61294",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61294"
},
{
"name" : "61469",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61469"
},
{
"name" : "61846",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61846"
},
{
"name" : "60081",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60081"
},
{
"name" : "60317",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60317"
},
{
"name" : "61577",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61577"
},
{
"name" : "61640",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61640"
},
{
"name" : "60846",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60846"
},
{
"name" : "62314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62314"
},
{
"name" : "59404",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59404"
},
{
"name" : "60817",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60817"
},
{
"name" : "60335",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60335"
},
{
"name" : "61417",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61417"
},
{
"name" : "61254",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61254"
},
{
"name" : "61264",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61264"
},
{
"name" : "60485",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60485"
},
{
"name" : "59985",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59985"
},
{
"name" : "59986",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59986"
},
{
"name" : "59924",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59924"
},
{
"name" : "59987",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59987"
},
{
"name" : "59680",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59680"
},
{
"name" : "60622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60622"
},
{
"name" : "60002",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60002"
},
{
"name" : "60031",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60031"
},
{
"name" : "60032",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60032"
},
{
"name" : "60129",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60129"
},
{
"name" : "60497",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60497"
},
{
"name" : "60812",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60812"
},
{
"name" : "oracle-cpujul2014-cve20144244(94605)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94605"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2987",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2987"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685178",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685178"
},
{
"name": "68624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68624"
},
{
"name": "60129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60129"
},
{
"name": "62314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62314"
},
{
"name": "58830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58830"
},
{
"name": "oracle-cpujul2014-cve20144244(94605)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94605"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681966",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681966"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681379",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681379"
},
{
"name": "61050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61050"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "HPSBUX03091",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name": "DSA-2980",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2980"
},
{
"name": "1030577",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030577"
},
{
"name": "61254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61254"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685242",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685242"
},
{
"name": "59987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59987"
},
{
"name": "60335",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60335"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683429",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683429"
},
{
"name": "SSRT101667",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name": "HPSBUX03092",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name": "60831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60831"
},
{
"name": "60846",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60846"
},
{
"name": "61846",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61846"
},
{
"name": "60812",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60812"
},
{
"name": "61264",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61264"
},
{
"name": "60890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60890"
},
{
"name": "61469",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61469"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21683518",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21683518"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "SUSE-SU-2015:0376",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html"
},
{
"name": "61215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61215"
},
{
"name": "60002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60002"
},
{
"name": "61294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61294"
},
{
"name": "59986",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59986"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21689593",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689593"
},
{
"name": "RHSA-2015:0264",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html"
},
{
"name": "60245",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60245"
},
{
"name": "61417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61417"
},
{
"name": "60817",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60817"
},
{
"name": "59924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59924"
},
{
"name": "61577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61577"
},
{
"name": "RHSA-2014:0908",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0908"
},
{
"name": "61278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61278"
},
{
"name": "60497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60497"
},
{
"name": "SUSE-SU-2015:0392",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
},
{
"name": "SSRT101668",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "60485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60485"
},
{
"name": "59680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59680"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683438",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683438"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683484",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683484"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688893",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688893"
},
{
"name": "60622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60622"
},
{
"name": "61293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61293"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg21680418",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg21680418"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10083",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10083"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685121",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685121"
},
{
"name": "60081",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60081"
},
{
"name": "60032",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60032"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686142",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686142"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685122",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685122"
},
{
"name": "RHSA-2014:0902",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0902"
},
{
"name": "60326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60326"
},
{
"name": "59985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59985"
},
{
"name": "61640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61640"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683338",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683338"
},
{
"name": "59503",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59503"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824"
},
{
"name": "GLSA-201502-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name": "60317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60317"
},
{
"name": "60031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60031"
},
{
"name": "SUSE-SU-2015:0344",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
},
{
"name": "59404",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59404"
}
]
}
}

180
2014/5xxx/CVE-2014-5269.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5269",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-5269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140816 Re: CVE Request: Plack::App::File does not prune trailing slashes: possible code exposure / information disclosure",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q3/384"
},
{
"name" : "http://api.metacpan.org/source/MIYAGAWA/Plack-1.0031/Changes",
"refsource" : "CONFIRM",
"url" : "http://api.metacpan.org/source/MIYAGAWA/Plack-1.0031/Changes"
},
{
"name" : "https://github.com/avar/Plack/commit/bc1731dbb53850c380875ad683cd87c8ec99eee3",
"refsource" : "CONFIRM",
"url" : "https://github.com/avar/Plack/commit/bc1731dbb53850c380875ad683cd87c8ec99eee3"
},
{
"name" : "https://github.com/plack/Plack/issues/405",
"refsource" : "CONFIRM",
"url" : "https://github.com/plack/Plack/issues/405"
},
{
"name" : "FEDORA-2014-9542",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137115.html"
},
{
"name" : "FEDORA-2014-9544",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137099.html"
},
{
"name" : "109928",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/109928"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140816 Re: CVE Request: Plack::App::File does not prune trailing slashes: possible code exposure / information disclosure",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/384"
},
{
"name": "FEDORA-2014-9544",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137099.html"
},
{
"name": "https://github.com/avar/Plack/commit/bc1731dbb53850c380875ad683cd87c8ec99eee3",
"refsource": "CONFIRM",
"url": "https://github.com/avar/Plack/commit/bc1731dbb53850c380875ad683cd87c8ec99eee3"
},
{
"name": "109928",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/109928"
},
{
"name": "https://github.com/plack/Plack/issues/405",
"refsource": "CONFIRM",
"url": "https://github.com/plack/Plack/issues/405"
},
{
"name": "http://api.metacpan.org/source/MIYAGAWA/Plack-1.0031/Changes",
"refsource": "CONFIRM",
"url": "http://api.metacpan.org/source/MIYAGAWA/Plack-1.0031/Changes"
},
{
"name": "FEDORA-2014-9542",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137115.html"
}
]
}
}

140
2014/5xxx/CVE-2014-5634.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5634",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Madipass Martinique (aka com.goodbarber.madipassmartinique) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#650873",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/650873"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Madipass Martinique (aka com.goodbarber.madipassmartinique) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#650873",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/650873"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/5xxx/CVE-2014-5716.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5716",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GUNSHIP BATTLE : Helicopter 3D (aka com.theonegames.gunshipbattle) application 1.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#301425",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/301425"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GUNSHIP BATTLE : Helicopter 3D (aka com.theonegames.gunshipbattle) application 1.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#301425",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/301425"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/5xxx/CVE-2014-5810.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SGK Hizmet Dokumu 4a (aka tr.gov.sgk.hizmetDokumu4a) application 1.103 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#507785",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/507785"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SGK Hizmet Dokumu 4a (aka tr.gov.sgk.hizmetDokumu4a) application 1.103 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#507785",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/507785"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

120
2015/2xxx/CVE-2015-2673.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2673",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.rastating.com/wp-easycart-privilege-escalation-information-disclosure/",
"refsource" : "MISC",
"url" : "http://blog.rastating.com/wp-easycart-privilege-escalation-information-disclosure/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.rastating.com/wp-easycart-privilege-escalation-information-disclosure/",
"refsource": "MISC",
"url": "http://blog.rastating.com/wp-easycart-privilege-escalation-information-disclosure/"
}
]
}
}

140
2016/10xxx/CVE-2016-10370.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10370",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://alephsecurity.com/vulns/aleph-2017022",
"refsource" : "MISC",
"url" : "https://alephsecurity.com/vulns/aleph-2017022"
},
{
"name" : "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/",
"refsource" : "MISC",
"url" : "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/"
},
{
"name" : "98495",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98495"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98495"
},
{
"name": "https://alephsecurity.com/vulns/aleph-2017022",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017022"
},
{
"name": "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/",
"refsource": "MISC",
"url": "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/"
}
]
}
}

122
2016/10xxx/CVE-2016-10635.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10635",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "broccoli-closure node module",
"version" : {
"version_data" : [
{
"version_value" : "<1.3.1"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "broccoli-closure node module",
"version": {
"version_data": [
{
"version_value": "<1.3.1"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/242",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/242"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/242",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/242"
}
]
}
}

122
2016/10xxx/CVE-2016-10663.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10663",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "wixtoolset node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wixtoolset node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/264",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/264"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/264",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/264"
}
]
}
}

200
2016/3xxx/CVE-2016-3183.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3183",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160316 Re: CVE request - OpenJPEG : Out-Of-Bounds Read in sycc422_to_rgb function",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/03/16/17"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1317821",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1317821"
},
{
"name" : "https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767",
"refsource" : "CONFIRM",
"url" : "https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767"
},
{
"name" : "https://github.com/uclouvain/openjpeg/issues/726",
"refsource" : "CONFIRM",
"url" : "https://github.com/uclouvain/openjpeg/issues/726"
},
{
"name" : "FEDORA-2016-14d8f9b4ed",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW/"
},
{
"name" : "FEDORA-2016-8fa7ced365",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH/"
},
{
"name" : "FEDORA-2016-abdc548f46",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/"
},
{
"name" : "FEDORA-2016-d2ab705e4a",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7/"
},
{
"name" : "GLSA-201612-26",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-26"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201612-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-26"
},
{
"name": "FEDORA-2016-14d8f9b4ed",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW/"
},
{
"name": "FEDORA-2016-abdc548f46",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317821",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317821"
},
{
"name": "[oss-security] 20160316 Re: CVE request - OpenJPEG : Out-Of-Bounds Read in sycc422_to_rgb function",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/16/17"
},
{
"name": "https://github.com/uclouvain/openjpeg/issues/726",
"refsource": "CONFIRM",
"url": "https://github.com/uclouvain/openjpeg/issues/726"
},
{
"name": "FEDORA-2016-8fa7ced365",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH/"
},
{
"name": "FEDORA-2016-d2ab705e4a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7/"
},
{
"name": "https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767",
"refsource": "CONFIRM",
"url": "https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767"
}
]
}
}

150
2016/3xxx/CVE-2016-3881.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3881",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and device hang or reboot) via a crafted media file, aka internal bug 30013856."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name" : "https://android.googlesource.com/platform/external/libvpx/+/4974dcbd0289a2530df2ee2a25b5f92775df80da",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/external/libvpx/+/4974dcbd0289a2530df2ee2a25b5f92775df80da"
},
{
"name" : "92821",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92821"
},
{
"name" : "1036763",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and device hang or reboot) via a crafted media file, aka internal bug 30013856."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/external/libvpx/+/4974dcbd0289a2530df2ee2a25b5f92775df80da",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/libvpx/+/4974dcbd0289a2530df2ee2a25b5f92775df80da"
},
{
"name": "92821",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92821"
},
{
"name": "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
}
]
}
}

180
2016/4xxx/CVE-2016-4024.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4024",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-4024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Enlightenment-announce] 20160501 imlib2 1.4.9",
"refsource" : "MLIST",
"url" : "https://sourceforge.net/p/enlightenment/mailman/message/35055012/"
},
{
"name" : "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227",
"refsource" : "CONFIRM",
"url" : "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227"
},
{
"name" : "DSA-3555",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3555"
},
{
"name" : "GLSA-201611-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-12"
},
{
"name" : "openSUSE-SU-2016:1330",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html"
},
{
"name" : "86073",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/86073"
},
{
"name" : "1035573",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035573"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227",
"refsource": "CONFIRM",
"url": "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227"
},
{
"name": "[Enlightenment-announce] 20160501 imlib2 1.4.9",
"refsource": "MLIST",
"url": "https://sourceforge.net/p/enlightenment/mailman/message/35055012/"
},
{
"name": "GLSA-201611-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-12"
},
{
"name": "DSA-3555",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3555"
},
{
"name": "1035573",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035573"
},
{
"name": "86073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/86073"
},
{
"name": "openSUSE-SU-2016:1330",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html"
}
]
}
}

130
2016/8xxx/CVE-2016-8409.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-8409",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495687. References: N-CVE-2016-8409."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-8409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name" : "94691",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94691"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495687. References: N-CVE-2016-8409."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94691"
},
{
"name": "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-12-01.html"
}
]
}
}

152
2016/8xxx/CVE-2016-8513.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2016-12-15T00:00:00",
"ID" : "CVE-2016-8513",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Version Control Repository Manager (VCRM)",
"version" : {
"version_data" : [
{
"version_value" : "All versions prior to 7.6"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CSRF"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2016-12-15T00:00:00",
"ID": "CVE-2016-8513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Version Control Repository Manager (VCRM)",
"version": {
"version_data": [
{
"version_value": "All versions prior to 7.6"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name" : "94949",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94949"
},
{
"name" : "1037485",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037485"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363"
},
{
"name": "1037485",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037485"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "94949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94949"
}
]
}
}

34
2016/8xxx/CVE-2016-8997.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8997",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8997",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/9xxx/CVE-2016-9224.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-9224",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Jabber Guest Server 10.6(9)",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Jabber Guest Server 10.6(9)"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.6(9). Known Fixed Releases: 11.0(0)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-9224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Jabber Guest Server 10.6(9)",
"version": {
"version_data": [
{
"version_value": "Cisco Jabber Guest Server 10.6(9)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-jabber",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-jabber"
},
{
"name" : "95016",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95016"
},
{
"name" : "1037516",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037516"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.6(9). Known Fixed Releases: 11.0(0)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95016"
},
{
"name": "1037516",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037516"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-jabber",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-jabber"
}
]
}
}

34
2016/9xxx/CVE-2016-9359.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9359",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9359",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

190
2016/9xxx/CVE-2016-9389.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9389",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161117 Re: jasper: multiple assertion failures",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/11/17/1"
},
{
"name" : "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1396963",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1396963"
},
{
"name" : "https://github.com/mdadams/jasper/commit/dee11ec440d7908d1daf69f40a3324b27cf213ba",
"refsource" : "CONFIRM",
"url" : "https://github.com/mdadams/jasper/commit/dee11ec440d7908d1daf69f40a3324b27cf213ba"
},
{
"name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "RHSA-2017:1208",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name" : "USN-3693-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3693-1/"
},
{
"name" : "94371",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94371"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1396963",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396963"
},
{
"name": "RHSA-2017:1208",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name": "[oss-security] 20161117 Re: jasper: multiple assertion failures",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/17/1"
},
{
"name": "https://github.com/mdadams/jasper/commit/dee11ec440d7908d1daf69f40a3324b27cf213ba",
"refsource": "CONFIRM",
"url": "https://github.com/mdadams/jasper/commit/dee11ec440d7908d1daf69f40a3324b27cf213ba"
},
{
"name": "USN-3693-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3693-1/"
},
{
"name": "94371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94371"
}
]
}
}

34
2019/2xxx/CVE-2019-2036.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2036",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2036",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2051.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2051",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2051",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2136.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2136",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2136",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2242.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2242",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2242",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2338.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2338",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2338",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6078.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6078",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6078",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

238
2019/6xxx/CVE-2019-6209.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2019-6209",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "iOS",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "iOS 12.1.3"
}
]
}
},
{
"product_name" : "macOS",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "macOS Mojave 10.14.3"
}
]
}
},
{
"product_name" : "tvOS",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "tvOS 12.1.2"
}
]
}
},
{
"product_name" : "watchOS",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "watchOS 5.1.3"
}
]
}
}
]
},
"vendor_name" : "Apple"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "A malicious application may be able to determine kernel memory layout"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-6209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 12.1.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "macOS Mojave 10.14.3"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 12.1.2"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 5.1.3"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "46285",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/46285/"
},
{
"name" : "https://support.apple.com/HT209443",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT209443"
},
{
"name" : "https://support.apple.com/HT209446",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT209446"
},
{
"name" : "https://support.apple.com/HT209447",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT209447"
},
{
"name" : "https://support.apple.com/HT209448",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT209448"
},
{
"name" : "106739",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106739"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to determine kernel memory layout"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209446",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209446"
},
{
"name": "https://support.apple.com/HT209443",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209443"
},
{
"name": "46285",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46285/"
},
{
"name": "https://support.apple.com/HT209448",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209448"
},
{
"name": "106739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106739"
},
{
"name": "https://support.apple.com/HT209447",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209447"
}
]
}
}

34
2019/6xxx/CVE-2019-6553.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6553",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6553",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6650.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6650",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6650",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/7xxx/CVE-2019-7630.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7630",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7630",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/7xxx/CVE-2019-7640.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7640",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7640",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}