admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:51:49 +00:00
parent 27e5fd18ac
commit 8d2115406f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 3478 additions and 3478 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

210
2007/0xxx/CVE-2007-0127.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0127",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070105 Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458"
},
{
"name" : "http://www.opera.com/support/search/supsearch.dml?index=851",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/search/supsearch.dml?index=851"
},
{
"name" : "GLSA-200701-08",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200701-08.xml"
},
{
"name" : "SUSE-SA:2007:009",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html"
},
{
"name" : "ADV-2007-0060",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0060"
},
{
"name" : "31575",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/31575"
},
{
"name" : "1017473",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017473"
},
{
"name" : "23613",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23613"
},
{
"name" : "23739",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23739"
},
{
"name" : "23771",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23771"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31575",
"refsource": "OSVDB",
"url": "http://osvdb.org/31575"
},
{
"name": "http://www.opera.com/support/search/supsearch.dml?index=851",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/search/supsearch.dml?index=851"
},
{
"name": "1017473",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017473"
},
{
"name": "23613",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23613"
},
{
"name": "ADV-2007-0060",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0060"
},
{
"name": "23739",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23739"
},
{
"name": "GLSA-200701-08",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-08.xml"
},
{
"name": "23771",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23771"
},
{
"name": "SUSE-SA:2007:009",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html"
},
{
"name": "20070105 Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458"
}
]
}
}

170
2007/0xxx/CVE-2007-0578.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747"
},
{
"name" : "http://www.mpg123.de/cgi-bin/news.cgi",
"refsource" : "CONFIRM",
"url" : "http://www.mpg123.de/cgi-bin/news.cgi"
},
{
"name" : "MDKSA-2007:032",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:032"
},
{
"name" : "22274",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22274"
},
{
"name" : "ADV-2007-0366",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0366"
},
{
"name" : "40128",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40128"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2007:032",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:032"
},
{
"name": "22274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22274"
},
{
"name": "40128",
"refsource": "OSVDB",
"url": "http://osvdb.org/40128"
},
{
"name": "ADV-2007-0366",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0366"
},
{
"name": "http://www.mpg123.de/cgi-bin/news.cgi",
"refsource": "CONFIRM",
"url": "http://www.mpg123.de/cgi-bin/news.cgi"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747"
}
]
}
}

260
2007/1xxx/CVE-2007-1111.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070224 ActiveCalendar 1.2.0, Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/461146/100/0/threaded"
},
{
"name" : "20070224 Re: ActiveCalendar 1.2.0, Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/461313/100/0/threaded"
},
{
"name" : "22705",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22705"
},
{
"name" : "ADV-2007-0759",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0759"
},
{
"name" : "33145",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/33145"
},
{
"name" : "33146",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/33146"
},
{
"name" : "33147",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/33147"
},
{
"name" : "33148",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/33148"
},
{
"name" : "33149",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/33149"
},
{
"name" : "33150",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/33150"
},
{
"name" : "33153",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/33153"
},
{
"name" : "33151",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/33151"
},
{
"name" : "33152",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/33152"
},
{
"name" : "2299",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2299"
},
{
"name" : "activecalendar-multiple-scripts-xss(32690)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32690"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33150",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/33150"
},
{
"name": "2299",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2299"
},
{
"name": "ADV-2007-0759",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0759"
},
{
"name": "22705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22705"
},
{
"name": "33148",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/33148"
},
{
"name": "33147",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/33147"
},
{
"name": "33149",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/33149"
},
{
"name": "20070224 Re: ActiveCalendar 1.2.0, Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461313/100/0/threaded"
},
{
"name": "33145",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/33145"
},
{
"name": "33152",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/33152"
},
{
"name": "33151",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/33151"
},
{
"name": "33146",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/33146"
},
{
"name": "33153",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/33153"
},
{
"name": "20070224 ActiveCalendar 1.2.0, Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461146/100/0/threaded"
},
{
"name": "activecalendar-multiple-scripts-xss(32690)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32690"
}
]
}
}

160
2007/1xxx/CVE-2007-1818.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1818",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php in the Forum picture and META tags 1.7 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3613",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3613"
},
{
"name" : "23222",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23222"
},
{
"name" : "ADV-2007-1188",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1188"
},
{
"name" : "35445",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35445"
},
{
"name" : "phpbb-modforumfieldsparse-file-include(33346)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33346"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php in the Forum picture and META tags 1.7 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1188",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1188"
},
{
"name": "3613",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3613"
},
{
"name": "23222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23222"
},
{
"name": "phpbb-modforumfieldsparse-file-include(33346)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33346"
},
{
"name": "35445",
"refsource": "OSVDB",
"url": "http://osvdb.org/35445"
}
]
}
}

170
2007/3xxx/CVE-2007-3320.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3320",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=300&",
"refsource" : "MISC",
"url" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=300&"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-263.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-263.htm"
},
{
"name" : "24544",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24544"
},
{
"name" : "38116",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38116"
},
{
"name" : "25747",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25747"
},
{
"name" : "avaya-sipinvite-security-bypass(34971)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34971"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "avaya-sipinvite-security-bypass(34971)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34971"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-263.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-263.htm"
},
{
"name": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=300&",
"refsource": "MISC",
"url": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=300&"
},
{
"name": "24544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24544"
},
{
"name": "25747",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25747"
},
{
"name": "38116",
"refsource": "OSVDB",
"url": "http://osvdb.org/38116"
}
]
}
}

170
2007/3xxx/CVE-2007-3610.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3610",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4153",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4153"
},
{
"name" : "24788",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24788"
},
{
"name" : "ADV-2007-2447",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2447"
},
{
"name" : "35963",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35963"
},
{
"name" : "25975",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25975"
},
{
"name" : "phpvid-categoriestype-sql-injection(35273)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35273"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4153",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4153"
},
{
"name": "35963",
"refsource": "OSVDB",
"url": "http://osvdb.org/35963"
},
{
"name": "24788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24788"
},
{
"name": "ADV-2007-2447",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2447"
},
{
"name": "25975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25975"
},
{
"name": "phpvid-categoriestype-sql-injection(35273)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35273"
}
]
}
}

170
2007/3xxx/CVE-2007-3769.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3769",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070710 Portcullis Computer Security Ltd - Advisories",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=118409539009277&w=2"
},
{
"name" : "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt",
"refsource" : "MISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt"
},
{
"name" : "ADV-2007-2528",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2528"
},
{
"name" : "37911",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37911"
},
{
"name" : "26061",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26061"
},
{
"name" : "surgeftp-error-xss(35378)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35378"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26061"
},
{
"name": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt",
"refsource": "MISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt"
},
{
"name": "surgeftp-error-xss(35378)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35378"
},
{
"name": "ADV-2007-2528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2528"
},
{
"name": "37911",
"refsource": "OSVDB",
"url": "http://osvdb.org/37911"
},
{
"name": "20070710 Portcullis Computer Security Ltd - Advisories",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=118409539009277&w=2"
}
]
}
}

200
2007/3xxx/CVE-2007-3884.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3884",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: it was later reported that 2.0.1 is also affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070909 Husrev Forums v2.0.1:PoWerBoard Sql",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/478974/100/0/threaded"
},
{
"name" : "http://yollubunlar.org/husrev-forums-v201powerboard-sql-injection-exploit-3503.html",
"refsource" : "MISC",
"url" : "http://yollubunlar.org/husrev-forums-v201powerboard-sql-injection-exploit-3503.html"
},
{
"name" : "24928",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24928"
},
{
"name" : "ADV-2007-2557",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2557"
},
{
"name" : "38185",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/38185"
},
{
"name" : "26089",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26089"
},
{
"name" : "26736",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26736"
},
{
"name" : "husrev-philboardforum-sql-injection(36530)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36530"
},
{
"name" : "husrevforum-philboardforum-sql-injection(35443)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35443"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: it was later reported that 2.0.1 is also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2557",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2557"
},
{
"name": "26089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26089"
},
{
"name": "24928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24928"
},
{
"name": "26736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26736"
},
{
"name": "http://yollubunlar.org/husrev-forums-v201powerboard-sql-injection-exploit-3503.html",
"refsource": "MISC",
"url": "http://yollubunlar.org/husrev-forums-v201powerboard-sql-injection-exploit-3503.html"
},
{
"name": "husrevforum-philboardforum-sql-injection(35443)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35443"
},
{
"name": "husrev-philboardforum-sql-injection(36530)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36530"
},
{
"name": "38185",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/38185"
},
{
"name": "20070909 Husrev Forums v2.0.1:PoWerBoard Sql",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/478974/100/0/threaded"
}
]
}
}

180
2007/4xxx/CVE-2007-4047.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4047",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070719 Geoblog v1 administrator bypass",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/474127/100/0/threaded"
},
{
"name" : "24966",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24966"
},
{
"name" : "42485",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/42485"
},
{
"name" : "42486",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/42486"
},
{
"name" : "42487",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/42487"
},
{
"name" : "2934",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2934"
},
{
"name" : "geoblog-listcomments-security-bypass(35494)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35494"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42487",
"refsource": "OSVDB",
"url": "http://osvdb.org/42487"
},
{
"name": "2934",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2934"
},
{
"name": "geoblog-listcomments-security-bypass(35494)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35494"
},
{
"name": "42486",
"refsource": "OSVDB",
"url": "http://osvdb.org/42486"
},
{
"name": "24966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24966"
},
{
"name": "20070719 Geoblog v1 administrator bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474127/100/0/threaded"
},
{
"name": "42485",
"refsource": "OSVDB",
"url": "http://osvdb.org/42485"
}
]
}
}

140
2007/4xxx/CVE-2007-4310.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4310",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a \"finger 9@host\" command, a different vulnerability than CVE-2001-1503."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070727 Re: Solaris finger bug",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/474927/100/100/threaded"
},
{
"name" : "20070727 Solaris finger bug",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/474858/100/100/threaded"
},
{
"name" : "2996",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2996"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a \"finger 9@host\" command, a different vulnerability than CVE-2001-1503."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070727 Re: Solaris finger bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474927/100/100/threaded"
},
{
"name": "2996",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2996"
},
{
"name": "20070727 Solaris finger bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474858/100/100/threaded"
}
]
}
}

170
2007/4xxx/CVE-2007-4364.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4364",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain \"unexpected / strange response\" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=531870",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=531870"
},
{
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1731608&group_id=177054&atid=879703",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1731608&group_id=177054&atid=879703"
},
{
"name" : "25317",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25317"
},
{
"name" : "39548",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39548"
},
{
"name" : "26445",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26445"
},
{
"name" : "fedora-ldap-security-bypass(36005)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36005"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain \"unexpected / strange response\" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39548",
"refsource": "OSVDB",
"url": "http://osvdb.org/39548"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1731608&group_id=177054&atid=879703",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1731608&group_id=177054&atid=879703"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=531870",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=531870"
},
{
"name": "25317",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25317"
},
{
"name": "26445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26445"
},
{
"name": "fedora-ldap-security-bypass(36005)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36005"
}
]
}
}

440
2007/4xxx/CVE-2007-4588.json
View File

@ -1,222 +1,222 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4588",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070826 InterWorx-CP Multiple HTML Injections Vulnerabilitie",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/477848/100/0/threaded"
},
{
"name" : "http://www.hackerscenter.com/archive/view.asp?id=27884",
"refsource" : "MISC",
"url" : "http://www.hackerscenter.com/archive/view.asp?id=27884"
},
{
"name" : "http://interworx.com/forums/showthread.php?t=2501",
"refsource" : "CONFIRM",
"url" : "http://interworx.com/forums/showthread.php?t=2501"
},
{
"name" : "25451",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25451"
},
{
"name" : "36739",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36739"
},
{
"name" : "36740",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36740"
},
{
"name" : "36742",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36742"
},
{
"name" : "36743",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36743"
},
{
"name" : "36744",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36744"
},
{
"name" : "36745",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36745"
},
{
"name" : "36746",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36746"
},
{
"name" : "36747",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36747"
},
{
"name" : "36748",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36748"
},
{
"name" : "36749",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36749"
},
{
"name" : "36750",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36750"
},
{
"name" : "36751",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36751"
},
{
"name" : "36752",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36752"
},
{
"name" : "36753",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36753"
},
{
"name" : "36755",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36755"
},
{
"name" : "36756",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36756"
},
{
"name" : "36757",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36757"
},
{
"name" : "36758",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36758"
},
{
"name" : "36759",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36759"
},
{
"name" : "36761",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36761"
},
{
"name" : "36762",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36762"
},
{
"name" : "36763",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36763"
},
{
"name" : "36764",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36764"
},
{
"name" : "36765",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36765"
},
{
"name" : "36766",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36766"
},
{
"name" : "26586",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26586"
},
{
"name" : "3070",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3070"
},
{
"name" : "interworx-nodeworx-multiple-file-include(36301)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36301"
},
{
"name" : "interworxcp-index-xss(36297)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36297"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36762",
"refsource": "OSVDB",
"url": "http://osvdb.org/36762"
},
{
"name": "36743",
"refsource": "OSVDB",
"url": "http://osvdb.org/36743"
},
{
"name": "25451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25451"
},
{
"name": "3070",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3070"
},
{
"name": "36740",
"refsource": "OSVDB",
"url": "http://osvdb.org/36740"
},
{
"name": "http://interworx.com/forums/showthread.php?t=2501",
"refsource": "CONFIRM",
"url": "http://interworx.com/forums/showthread.php?t=2501"
},
{
"name": "36765",
"refsource": "OSVDB",
"url": "http://osvdb.org/36765"
},
{
"name": "36761",
"refsource": "OSVDB",
"url": "http://osvdb.org/36761"
},
{
"name": "36750",
"refsource": "OSVDB",
"url": "http://osvdb.org/36750"
},
{
"name": "36759",
"refsource": "OSVDB",
"url": "http://osvdb.org/36759"
},
{
"name": "36766",
"refsource": "OSVDB",
"url": "http://osvdb.org/36766"
},
{
"name": "36746",
"refsource": "OSVDB",
"url": "http://osvdb.org/36746"
},
{
"name": "36744",
"refsource": "OSVDB",
"url": "http://osvdb.org/36744"
},
{
"name": "36758",
"refsource": "OSVDB",
"url": "http://osvdb.org/36758"
},
{
"name": "36751",
"refsource": "OSVDB",
"url": "http://osvdb.org/36751"
},
{
"name": "36757",
"refsource": "OSVDB",
"url": "http://osvdb.org/36757"
},
{
"name": "interworx-nodeworx-multiple-file-include(36301)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36301"
},
{
"name": "http://www.hackerscenter.com/archive/view.asp?id=27884",
"refsource": "MISC",
"url": "http://www.hackerscenter.com/archive/view.asp?id=27884"
},
{
"name": "36756",
"refsource": "OSVDB",
"url": "http://osvdb.org/36756"
},
{
"name": "26586",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26586"
},
{
"name": "20070826 InterWorx-CP Multiple HTML Injections Vulnerabilitie",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477848/100/0/threaded"
},
{
"name": "36739",
"refsource": "OSVDB",
"url": "http://osvdb.org/36739"
},
{
"name": "36747",
"refsource": "OSVDB",
"url": "http://osvdb.org/36747"
},
{
"name": "36764",
"refsource": "OSVDB",
"url": "http://osvdb.org/36764"
},
{
"name": "36753",
"refsource": "OSVDB",
"url": "http://osvdb.org/36753"
},
{
"name": "36745",
"refsource": "OSVDB",
"url": "http://osvdb.org/36745"
},
{
"name": "36742",
"refsource": "OSVDB",
"url": "http://osvdb.org/36742"
},
{
"name": "36748",
"refsource": "OSVDB",
"url": "http://osvdb.org/36748"
},
{
"name": "36763",
"refsource": "OSVDB",
"url": "http://osvdb.org/36763"
},
{
"name": "36749",
"refsource": "OSVDB",
"url": "http://osvdb.org/36749"
},
{
"name": "interworxcp-index-xss(36297)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36297"
},
{
"name": "36752",
"refsource": "OSVDB",
"url": "http://osvdb.org/36752"
},
{
"name": "36755",
"refsource": "OSVDB",
"url": "http://osvdb.org/36755"
}
]
}
}

130
2014/5xxx/CVE-2014-5021.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5021",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the \"administer taxonomy\" permission to inject arbitrary web script or HTML via an option group label."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/SA-CORE-2014-003",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/SA-CORE-2014-003"
},
{
"name" : "DSA-2983",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2983"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the \"administer taxonomy\" permission to inject arbitrary web script or HTML via an option group label."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2983",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2983"
},
{
"name": "https://www.drupal.org/SA-CORE-2014-003",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/SA-CORE-2014-003"
}
]
}
}

160
2014/5xxx/CVE-2014-5249.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5249",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the \"Biblio self autocomplete\" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/node/2316717",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2316717"
},
{
"name" : "https://www.drupal.org/node/2316023",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2316023"
},
{
"name" : "https://www.drupal.org/node/2316025",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2316025"
},
{
"name" : "69091",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69091"
},
{
"name" : "biblioautocomplete-drupal-sql-injection(95146)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95146"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the \"Biblio self autocomplete\" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69091"
},
{
"name": "https://www.drupal.org/node/2316717",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2316717"
},
{
"name": "https://www.drupal.org/node/2316025",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2316025"
},
{
"name": "https://www.drupal.org/node/2316023",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2316023"
},
{
"name": "biblioautocomplete-drupal-sql-injection(95146)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95146"
}
]
}
}

34
2014/5xxx/CVE-2014-5442.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5442",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5442",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/5xxx/CVE-2014-5732.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5732",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Wamba - meet women and men (aka com.wamba.client) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#398929",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/398929"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Wamba - meet women and men (aka com.wamba.client) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#398929",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/398929"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

130
2015/2xxx/CVE-2015-2020.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2020",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-2020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://alephsecurity.com/vulns/aleph-2015006",
"refsource" : "MISC",
"url" : "https://alephsecurity.com/vulns/aleph-2015006"
},
{
"name" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf",
"refsource" : "MISC",
"url" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf",
"refsource": "MISC",
"url": "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf"
},
{
"name": "https://alephsecurity.com/vulns/aleph-2015006",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2015006"
}
]
}
}

140
2015/2xxx/CVE-2015-2023.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2023",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-2023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "38751",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/38751/"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020996",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020996"
},
{
"name" : "SI57907",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1SI57907"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020996",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020996"
},
{
"name": "38751",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38751/"
},
{
"name": "SI57907",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1SI57907"
}
]
}
}

130
2015/2xxx/CVE-2015-2556.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2556",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka \"Microsoft SharePoint Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-110",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
},
{
"name" : "1033804",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033804"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka \"Microsoft SharePoint Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-110",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110"
},
{
"name": "1033804",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033804"
}
]
}
}

140
2015/6xxx/CVE-2015-6084.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6084",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-6064 and CVE-2015-6085."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-6084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20151201 Microsoft Internet Explorer \"CTxtPtr::GetPlainText\" OOB Access Vulnerability",
"refsource" : "IDEFENSE",
"url" : "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1209"
},
{
"name" : "MS15-112",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-112"
},
{
"name" : "1034112",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034112"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-6064 and CVE-2015-6085."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20151201 Microsoft Internet Explorer \"CTxtPtr::GetPlainText\" OOB Access Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1209"
},
{
"name": "1034112",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034112"
},
{
"name": "MS15-112",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-112"
}
]
}
}

34
2015/6xxx/CVE-2015-6186.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6186",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-6186",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

34
2015/6xxx/CVE-2015-6189.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6189",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-6189",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

150
2015/6xxx/CVE-2015-6585.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a \"type confusion\" via an HWPX file containing a crafted para text tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.fireeye.com/blog/threat-research/2015/09/zero-day_hwp_exploit.html",
"refsource" : "MISC",
"url" : "https://www.fireeye.com/blog/threat-research/2015/09/zero-day_hwp_exploit.html"
},
{
"name" : "https://www.fireeye.com/content/dam/fireeye-www/global/en/blog/threat-research/FireEye_HWP_ZeroDay.pdf",
"refsource" : "MISC",
"url" : "https://www.fireeye.com/content/dam/fireeye-www/global/en/blog/threat-research/FireEye_HWP_ZeroDay.pdf"
},
{
"name" : "http://www.hancom.com/cs_center/csDownload.do",
"refsource" : "CONFIRM",
"url" : "http://www.hancom.com/cs_center/csDownload.do"
},
{
"name" : "76694",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76694"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a \"type confusion\" via an HWPX file containing a crafted para text tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76694"
},
{
"name": "https://www.fireeye.com/blog/threat-research/2015/09/zero-day_hwp_exploit.html",
"refsource": "MISC",
"url": "https://www.fireeye.com/blog/threat-research/2015/09/zero-day_hwp_exploit.html"
},
{
"name": "http://www.hancom.com/cs_center/csDownload.do",
"refsource": "CONFIRM",
"url": "http://www.hancom.com/cs_center/csDownload.do"
},
{
"name": "https://www.fireeye.com/content/dam/fireeye-www/global/en/blog/threat-research/FireEye_HWP_ZeroDay.pdf",
"refsource": "MISC",
"url": "https://www.fireeye.com/content/dam/fireeye-www/global/en/blog/threat-research/FireEye_HWP_ZeroDay.pdf"
}
]
}
}

150
2015/7xxx/CVE-2015-7082.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7082",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-7082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt",
"refsource" : "CONFIRM",
"url" : "https://github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt"
},
{
"name" : "https://support.apple.com/HT205642",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205642"
},
{
"name" : "APPLE-SA-2015-12-08-6",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html"
},
{
"name" : "1034340",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034340"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT205642",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205642"
},
{
"name": "APPLE-SA-2015-12-08-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html"
},
{
"name": "https://github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt",
"refsource": "CONFIRM",
"url": "https://github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt"
},
{
"name": "1034340",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034340"
}
]
}
}

150
2015/7xxx/CVE-2015-7241.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7241",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150921 SAP Netwaver - XML External Entity Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536504/100/0/threaded"
},
{
"name" : "38261",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/38261/"
},
{
"name" : "http://packetstormsecurity.com/files/133627/SAP-Netweaver-XML-External-Entity-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133627/SAP-Netweaver-XML-External-Entity-Injection.html"
},
{
"name" : "76809",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76809"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133627/SAP-Netweaver-XML-External-Entity-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133627/SAP-Netweaver-XML-External-Entity-Injection.html"
},
{
"name": "20150921 SAP Netwaver - XML External Entity Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536504/100/0/threaded"
},
{
"name": "38261",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38261/"
},
{
"name": "76809",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76809"
}
]
}
}

150
2015/7xxx/CVE-2015-7683.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7683",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20151012 CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536670/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/133930/WordPress-Font-7.5-Path-Traversal.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133930/WordPress-Font-7.5-Path-Traversal.html"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8214",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8214"
},
{
"name" : "https://wordpress.org/plugins/font/changelog/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/font/changelog/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8214",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8214"
},
{
"name": "http://packetstormsecurity.com/files/133930/WordPress-Font-7.5-Path-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133930/WordPress-Font-7.5-Path-Traversal.html"
},
{
"name": "20151012 CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536670/100/0/threaded"
},
{
"name": "https://wordpress.org/plugins/font/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/font/changelog/"
}
]
}
}

140
2016/0xxx/CVE-2016-0166.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0166",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-230",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-230"
},
{
"name" : "MS16-037",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-037"
},
{
"name" : "1035521",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035521"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-230",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-230"
},
{
"name": "1035521",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035521"
},
{
"name": "MS16-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-037"
}
]
}
}

34
2016/0xxx/CVE-2016-0627.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0627",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-0627",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

540
2016/0xxx/CVE-2016-0702.json
View File

@ -1,272 +1,272 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-0702",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cachebleed.info",
"refsource" : "MISC",
"url" : "http://cachebleed.info"
},
{
"name" : "http://openssl.org/news/secadv/20160301.txt",
"refsource" : "CONFIRM",
"url" : "http://openssl.org/news/secadv/20160301.txt"
},
{
"name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1"
},
{
"name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168",
"refsource" : "CONFIRM",
"url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name" : "https://www.openssl.org/news/secadv/20160301.txt",
"refsource" : "CONFIRM",
"url" : "https://www.openssl.org/news/secadv/20160301.txt"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us"
},
{
"name" : "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
},
{
"name" : "DSA-3500",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3500"
},
{
"name" : "FEDORA-2016-2802690366",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
},
{
"name" : "FEDORA-2016-e6807b3394",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
},
{
"name" : "FreeBSD-SA-16:12",
"refsource" : "FREEBSD",
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
},
{
"name" : "GLSA-201603-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-15"
},
{
"name" : "HPSBGN03563",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=145889460330120&w=2"
},
{
"name" : "RHSA-2016:2957",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name" : "openSUSE-SU-2016:1566",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
},
{
"name" : "openSUSE-SU-2016:1239",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"name" : "openSUSE-SU-2016:1241",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"name" : "SUSE-SU-2016:1267",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"name" : "openSUSE-SU-2016:1242",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"name" : "openSUSE-SU-2016:1273",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"name" : "SUSE-SU-2016:1290",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"name" : "SUSE-SU-2016:1360",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"name" : "SUSE-SU-2016:1057",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
},
{
"name" : "SUSE-SU-2016:0617",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
},
{
"name" : "SUSE-SU-2016:0620",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
},
{
"name" : "SUSE-SU-2016:0621",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
},
{
"name" : "SUSE-SU-2016:0624",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
},
{
"name" : "SUSE-SU-2016:0631",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
},
{
"name" : "SUSE-SU-2016:0641",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
},
{
"name" : "openSUSE-SU-2016:0627",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
},
{
"name" : "openSUSE-SU-2016:0628",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
},
{
"name" : "openSUSE-SU-2016:0637",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
},
{
"name" : "openSUSE-SU-2016:0638",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
},
{
"name" : "openSUSE-SU-2016:0720",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
},
{
"name" : "USN-2914-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2914-1"
},
{
"name" : "1035133",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035133"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-2802690366",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
},
{
"name": "openSUSE-SU-2016:1242",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"name": "SUSE-SU-2016:1267",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"name": "FEDORA-2016-e6807b3394",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
},
{
"name": "openSUSE-SU-2016:0638",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"name": "FreeBSD-SA-16:12",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:1239",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"name": "SUSE-SU-2016:0621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
},
{
"name": "HPSBGN03563",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=145889460330120&w=2"
},
{
"name": "USN-2914-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2914-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "SUSE-SU-2016:1057",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
},
{
"name": "openSUSE-SU-2016:1566",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
},
{
"name": "openSUSE-SU-2016:1241",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"name": "http://openssl.org/news/secadv/20160301.txt",
"refsource": "CONFIRM",
"url": "http://openssl.org/news/secadv/20160301.txt"
},
{
"name": "SUSE-SU-2016:1360",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
},
{
"name": "openSUSE-SU-2016:0720",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "SUSE-SU-2016:0624",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
},
{
"name": "DSA-3500",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3500"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us"
},
{
"name": "SUSE-SU-2016:0631",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
},
{
"name": "https://www.openssl.org/news/secadv/20160301.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20160301.txt"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "SUSE-SU-2016:0617",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
},
{
"name": "SUSE-SU-2016:1290",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"name": "openSUSE-SU-2016:1273",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"name": "RHSA-2016:2957",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "GLSA-201603-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-15"
},
{
"name": "openSUSE-SU-2016:0628",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
},
{
"name": "1035133",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035133"
},
{
"name": "http://cachebleed.info",
"refsource": "MISC",
"url": "http://cachebleed.info"
},
{
"name": "https://git.openssl.org/?p=openssl.git;a=commit;h=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/?p=openssl.git;a=commit;h=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1"
},
{
"name": "SUSE-SU-2016:0620",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
},
{
"name": "openSUSE-SU-2016:0637",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
},
{
"name": "openSUSE-SU-2016:0627",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
},
{
"name": "SUSE-SU-2016:0641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
}
]
}
}

130
2016/0xxx/CVE-2016-0803.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0803",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-0803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-02-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-02-01.html"
},
{
"name" : "https://android.googlesource.com/platform%2Fframeworks%2Fav/+/50270d98e26fa18b20ca88216c3526667b724ba7",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform%2Fframeworks%2Fav/+/50270d98e26fa18b20ca88216c3526667b724ba7"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform%2Fframeworks%2Fav/+/50270d98e26fa18b20ca88216c3526667b724ba7",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform%2Fframeworks%2Fav/+/50270d98e26fa18b20ca88216c3526667b724ba7"
},
{
"name": "http://source.android.com/security/bulletin/2016-02-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-02-01.html"
}
]
}
}

34
2016/1000xxx/CVE-2016-1000176.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1000176",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000176",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/1000xxx/CVE-2016-1000362.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1000362",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9849. Reason: This candidate is a reservation duplicate of CVE-2016-9849. Notes: All CVE users should reference CVE-2016-9849 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-1000362",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9849. Reason: This candidate is a reservation duplicate of CVE-2016-9849. Notes: All CVE users should reference CVE-2016-9849 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

120
2016/10xxx/CVE-2016-10365.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@elastic.co",
"ID" : "CVE-2016-10365",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Kibana",
"version" : {
"version_data" : [
{
"version_value" : "before 5.0.1 and 4.6.3"
}
]
}
}
]
},
"vendor_name" : "Elastic"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-601: URL Redirection to Untrusted Site"
}
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2016-10365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kibana",
"version": {
"version_data": [
{
"version_value": "before 5.0.1 and 4.6.3"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.elastic.co/community/security",
"refsource" : "CONFIRM",
"url" : "https://www.elastic.co/community/security"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601: URL Redirection to Untrusted Site"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
}
]
}
}

132
2016/10xxx/CVE-2016-10491.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2016-10491",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20, , , , ,"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, an integer overflow leading to buffer overflow can occur in a QuRT API function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer Overflow to Buffer Overflow in Core"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2016-10491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20, , , , ,"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, an integer overflow leading to buffer overflow can occur in a QuRT API function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow to Buffer Overflow in Core"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

34
2016/1xxx/CVE-2016-1545.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1545",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1545",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/4xxx/CVE-2016-4194.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4194",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html"
},
{
"name" : "91716",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91716"
},
{
"name" : "1036281",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036281"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91716"
},
{
"name": "1036281",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036281"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html"
}
]
}
}

140
2016/4xxx/CVE-2016-4265.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4265",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-488",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-488"
},
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html"
},
{
"name" : "92640",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92640"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92640"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-488",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-488"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html"
}
]
}
}

34
2016/4xxx/CVE-2016-4636.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4636",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-4636",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

134
2019/1003xxx/CVE-2019-1003001.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2019-01-21T18:56:51.575446",
"ID" : "CVE-2019-1003001",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Pipeline: Groovy Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.61 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-693"
}
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-01-21T18:56:51.575446",
"ID": "CVE-2019-1003001",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pipeline: Groovy Plugin",
"version": {
"version_data": [
{
"version_value": "2.61 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266"
},
{
"name" : "RHBA-2019:0326",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHBA-2019:0326"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266"
},
{
"name": "RHBA-2019:0326",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0326"
}
]
}
}

140
2019/2xxx/CVE-2019-2524.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2524",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "5.2.24"
},
{
"version_affected" : "<",
"version_value" : "6.0.2"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.2.24"
},
{
"version_affected": "<",
"version_value": "6.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106568",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106568"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106568"
}
]
}
}

34
2019/3xxx/CVE-2019-3201.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3201",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3201",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/3xxx/CVE-2019-3403.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3403",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3403",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/3xxx/CVE-2019-3933.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3933",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3933",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4119.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4119",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4119",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4369.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4369",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4369",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2019/6xxx/CVE-2019-6126.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6126",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Mad-robot/CVE-List/blob/master/Advance%20Peer%20to%20Peer%20MLM%20Script.md",
"refsource" : "MISC",
"url" : "https://github.com/Mad-robot/CVE-List/blob/master/Advance%20Peer%20to%20Peer%20MLM%20Script.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Mad-robot/CVE-List/blob/master/Advance%20Peer%20to%20Peer%20MLM%20Script.md",
"refsource": "MISC",
"url": "https://github.com/Mad-robot/CVE-List/blob/master/Advance%20Peer%20to%20Peer%20MLM%20Script.md"
}
]
}
}

34
2019/6xxx/CVE-2019-6362.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6362",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6362",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6480.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6480",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6480",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6702.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6702",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6702",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2019/7xxx/CVE-2019-7313.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7313",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code",
"refsource" : "MISC",
"url" : "https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code",
"refsource": "MISC",
"url": "https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code"
}
]
}
}

120
2019/7xxx/CVE-2019-7704.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7704",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/WebAssembly/binaryen/issues/1866",
"refsource" : "MISC",
"url" : "https://github.com/WebAssembly/binaryen/issues/1866"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/WebAssembly/binaryen/issues/1866",
"refsource": "MISC",
"url": "https://github.com/WebAssembly/binaryen/issues/1866"
}
]
}
}

34
2019/7xxx/CVE-2019-7926.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7926",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7926",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/7xxx/CVE-2019-7941.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7941",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7941",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2019/8xxx/CVE-2019-8358.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8358",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.hiawatha-webserver.org/changelog",
"refsource" : "CONFIRM",
"url" : "https://www.hiawatha-webserver.org/changelog"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hiawatha-webserver.org/changelog",
"refsource": "CONFIRM",
"url": "https://www.hiawatha-webserver.org/changelog"
}
]
}
}

34
2019/8xxx/CVE-2019-8766.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8766",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8766",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/8xxx/CVE-2019-8812.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8812",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8812",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/8xxx/CVE-2019-8846.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8846",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8846",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/9xxx/CVE-2019-9316.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9316",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9316",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/9xxx/CVE-2019-9355.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9355",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9355",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/9xxx/CVE-2019-9534.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9534",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9534",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/9xxx/CVE-2019-9691.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9691",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9691",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}