admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 07:11:45 +00:00
parent f379082239
commit 8ec12b368d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
62 changed files with 4022 additions and 4022 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

250
2007/0xxx/CVE-2007-0229.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0229",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes \"allocation of a negative size buffer\" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[freebsd-security] 20070114 MOAB advisories",
"refsource" : "MLIST",
"url" : "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"
},
{
"name" : "http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html",
"refsource" : "MISC",
"url" : "http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html"
},
{
"name" : "http://projects.info-pull.com/moab/MOAB-10-01-2007.html",
"refsource" : "MISC",
"url" : "http://projects.info-pull.com/moab/MOAB-10-01-2007.html"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=305214",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name" : "APPLE-SA-2007-03-13",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name" : "TA07-072A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name" : "21993",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21993"
},
{
"name" : "ADV-2007-0141",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0141"
},
{
"name" : "ADV-2007-0930",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name" : "32684",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/32684"
},
{
"name" : "1017751",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017751"
},
{
"name" : "23703",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23703"
},
{
"name" : "24479",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24479"
},
{
"name" : "macos-ffsmountfs-bo(31409)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31409"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes \"allocation of a negative size buffer\" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://projects.info-pull.com/moab/MOAB-10-01-2007.html",
"refsource": "MISC",
"url": "http://projects.info-pull.com/moab/MOAB-10-01-2007.html"
},
{
"name": "TA07-072A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "32684",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32684"
},
{
"name": "[freebsd-security] 20070114 MOAB advisories",
"refsource": "MLIST",
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"
},
{
"name": "ADV-2007-0141",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0141"
},
{
"name": "APPLE-SA-2007-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305214",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "1017751",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017751"
},
{
"name": "21993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21993"
},
{
"name": "macos-ffsmountfs-bo(31409)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31409"
},
{
"name": "23703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23703"
},
{
"name": "http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html",
"refsource": "MISC",
"url": "http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html"
},
{
"name": "ADV-2007-0930",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "24479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24479"
}
]
}
}

230
2007/0xxx/CVE-2007-0348.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0348",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-0348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070321 Secunia Research: InterActual Player / CinePlayer IASystemInfo.dllActiveX Control Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/463405/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2007-37/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2007-37/advisory/"
},
{
"name" : "VU#922969",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/922969"
},
{
"name" : "23071",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23071"
},
{
"name" : "ADV-2007-1042",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1042"
},
{
"name" : "ADV-2007-1043",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1043"
},
{
"name" : "34314",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34314"
},
{
"name" : "34315",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34315"
},
{
"name" : "23032",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23032"
},
{
"name" : "23075",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23075"
},
{
"name" : "24556",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24556"
},
{
"name" : "interactual-iasysteminfo-bo(33186)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33186"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23075",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23075"
},
{
"name": "interactual-iasysteminfo-bo(33186)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33186"
},
{
"name": "34314",
"refsource": "OSVDB",
"url": "http://osvdb.org/34314"
},
{
"name": "23032",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23032"
},
{
"name": "VU#922969",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/922969"
},
{
"name": "http://secunia.com/secunia_research/2007-37/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-37/advisory/"
},
{
"name": "34315",
"refsource": "OSVDB",
"url": "http://osvdb.org/34315"
},
{
"name": "ADV-2007-1042",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1042"
},
{
"name": "23071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23071"
},
{
"name": "ADV-2007-1043",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1043"
},
{
"name": "24556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24556"
},
{
"name": "20070321 Secunia Research: InterActual Player / CinePlayer IASystemInfo.dllActiveX Control Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463405/100/0/threaded"
}
]
}
}

170
2007/0xxx/CVE-2007-0406.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the (1) main function in (a) client.c, and the (2) server_setup and (3) server_client_connect functions in (b) server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service (daemon crash) or gain privileges via a long HOME environment variable. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=476891",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=476891"
},
{
"name" : "http://xinehq.de/index.php/news?show_category_id=1",
"refsource" : "CONFIRM",
"url" : "http://xinehq.de/index.php/news?show_category_id=1"
},
{
"name" : "ADV-2007-0259",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0259"
},
{
"name" : "38320",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38320"
},
{
"name" : "38321",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38321"
},
{
"name" : "gxine-serversetup-serverclient-bo(31604)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31604"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the (1) main function in (a) client.c, and the (2) server_setup and (3) server_client_connect functions in (b) server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service (daemon crash) or gain privileges via a long HOME environment variable. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38321",
"refsource": "OSVDB",
"url": "http://osvdb.org/38321"
},
{
"name": "ADV-2007-0259",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0259"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=476891",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=476891"
},
{
"name": "gxine-serversetup-serverclient-bo(31604)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31604"
},
{
"name": "38320",
"refsource": "OSVDB",
"url": "http://osvdb.org/38320"
},
{
"name": "http://xinehq.de/index.php/news?show_category_id=1",
"refsource": "CONFIRM",
"url": "http://xinehq.de/index.php/news?show_category_id=1"
}
]
}
}

140
2007/0xxx/CVE-2007-0532.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0532",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070122 Uploader <= (userdata/user_1.txt) Password Disclosure Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/457698/100/0/threaded"
},
{
"name" : "2187",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2187"
},
{
"name" : "uploader-userdata-info-disclosure(31683)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31683"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "uploader-userdata-info-disclosure(31683)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31683"
},
{
"name": "20070122 Uploader <= (userdata/user_1.txt) Password Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/457698/100/0/threaded"
},
{
"name": "2187",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2187"
}
]
}
}

150
2007/0xxx/CVE-2007-0551.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0551",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070120 cmsimple 2.7 Remote File Include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/457668/100/0/threaded"
},
{
"name" : "33572",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33572"
},
{
"name" : "2195",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2195"
},
{
"name" : "cmsimple-cms-file-include(31658)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31658"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33572",
"refsource": "OSVDB",
"url": "http://osvdb.org/33572"
},
{
"name": "2195",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2195"
},
{
"name": "20070120 cmsimple 2.7 Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/457668/100/0/threaded"
},
{
"name": "cmsimple-cms-file-include(31658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31658"
}
]
}
}

350
2007/0xxx/CVE-2007-0994.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0994",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-0994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://issues.rpath.com/browse/RPL-1103",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1103"
},
{
"name" : "DSA-1336",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1336"
},
{
"name" : "HPSBUX02153",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name" : "SSRT061181",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name" : "RHSA-2007:0078",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
},
{
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733"
},
{
"name" : "http://www.mozilla.org/security/announce/2007/mfsa2007-09.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2007/mfsa2007-09.html"
},
{
"name" : "RHSA-2007:0097",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
},
{
"name" : "20070301-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
},
{
"name" : "20070202-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
},
{
"name" : "SSA:2007-066-03",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851"
},
{
"name" : "SSA:2007-066-05",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"
},
{
"name" : "SUSE-SA:2007:019",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
},
{
"name" : "SUSE-SA:2007:022",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
},
{
"name" : "22826",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22826"
},
{
"name" : "oval:org.mitre.oval:def:9749",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9749"
},
{
"name" : "ADV-2007-0823",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0823"
},
{
"name" : "1017726",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017726"
},
{
"name" : "24395",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24395"
},
{
"name" : "24384",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24384"
},
{
"name" : "24650",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24650"
},
{
"name" : "24455",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24455"
},
{
"name" : "24457",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24457"
},
{
"name" : "25588",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25588"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2007:0078",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
},
{
"name": "oval:org.mitre.oval:def:9749",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9749"
},
{
"name": "24395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24395"
},
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733",
"refsource": "CONFIRM",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733"
},
{
"name": "SSA:2007-066-03",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851"
},
{
"name": "24384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24384"
},
{
"name": "24457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24457"
},
{
"name": "DSA-1336",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1336"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "24650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24650"
},
{
"name": "http://www.mozilla.org/security/announce/2007/mfsa2007-09.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-09.html"
},
{
"name": "25588",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25588"
},
{
"name": "https://issues.rpath.com/browse/RPL-1103",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1103"
},
{
"name": "1017726",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017726"
},
{
"name": "SUSE-SA:2007:019",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
},
{
"name": "SUSE-SA:2007:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
},
{
"name": "ADV-2007-0823",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0823"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "RHSA-2007:0097",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
},
{
"name": "20070301-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
},
{
"name": "24455",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24455"
},
{
"name": "20070202-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
},
{
"name": "SSA:2007-066-05",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"
},
{
"name": "22826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22826"
}
]
}
}

160
2007/1xxx/CVE-2007-1363.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1363",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cynops.de/advisories/CVE-2007-1363.txt",
"refsource" : "MISC",
"url" : "http://www.cynops.de/advisories/CVE-2007-1363.txt"
},
{
"name" : "http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437",
"refsource" : "CONFIRM",
"url" : "http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437"
},
{
"name" : "23400",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23400"
},
{
"name" : "24861",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24861"
},
{
"name" : "dropafew-multiple-sql-injection(33560)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33560"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437",
"refsource": "CONFIRM",
"url": "http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437"
},
{
"name": "24861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24861"
},
{
"name": "http://www.cynops.de/advisories/CVE-2007-1363.txt",
"refsource": "MISC",
"url": "http://www.cynops.de/advisories/CVE-2007-1363.txt"
},
{
"name": "dropafew-multiple-sql-injection(33560)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33560"
},
{
"name": "23400",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23400"
}
]
}
}

150
2007/1xxx/CVE-2007-1367.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1367",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-064.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-064.htm"
},
{
"name" : "22866",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22866"
},
{
"name" : "33297",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/33297"
},
{
"name" : "24397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24397"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22866"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-064.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-064.htm"
},
{
"name": "33297",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/33297"
},
{
"name": "24397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24397"
}
]
}
}

150
2007/1xxx/CVE-2007-1895.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1895",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3657",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3657"
},
{
"name" : "ADV-2007-1261",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1261"
},
{
"name" : "34145",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34145"
},
{
"name" : "24760",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3657",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3657"
},
{
"name": "24760",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24760"
},
{
"name": "ADV-2007-1261",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1261"
},
{
"name": "34145",
"refsource": "OSVDB",
"url": "http://osvdb.org/34145"
}
]
}
}

140
2007/1xxx/CVE-2007-1951.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1951",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070406 [MajorSecurity Advisory #40]onelook oboShop - Session fixation Issue",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/464886/100/0/threaded"
},
{
"name" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls40",
"refsource" : "MISC",
"url" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls40"
},
{
"name" : "oboshop-phpsessid-security-bypass(33500)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33500"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls40",
"refsource": "MISC",
"url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls40"
},
{
"name": "20070406 [MajorSecurity Advisory #40]onelook oboShop - Session fixation Issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464886/100/0/threaded"
},
{
"name": "oboshop-phpsessid-security-bypass(33500)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33500"
}
]
}
}

170
2007/4xxx/CVE-2007-4008.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4008",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4220",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4220"
},
{
"name" : "25039",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25039"
},
{
"name" : "ADV-2007-2644",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2644"
},
{
"name" : "36919",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36919"
},
{
"name" : "26194",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26194"
},
{
"name" : "entertainment-custom-file-include(35609)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25039",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25039"
},
{
"name": "36919",
"refsource": "OSVDB",
"url": "http://osvdb.org/36919"
},
{
"name": "4220",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4220"
},
{
"name": "ADV-2007-2644",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2644"
},
{
"name": "26194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26194"
},
{
"name": "entertainment-custom-file-include(35609)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35609"
}
]
}
}

400
2007/4xxx/CVE-2007-4029.json
View File

@ -1,202 +1,202 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4029",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-4029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070726 libvorbis 1.1.2 - Multiple memory corruption flaws",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/474729/100/0/threaded"
},
{
"name" : "http://www.isecpartners.com/advisories/2007-003-libvorbis.txt",
"refsource" : "MISC",
"url" : "http://www.isecpartners.com/advisories/2007-003-libvorbis.txt"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1590",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1590"
},
{
"name" : "http://www.tellini.org/blog/archives/32-Music-Box-1.6.html",
"refsource" : "CONFIRM",
"url" : "http://www.tellini.org/blog/archives/32-Music-Box-1.6.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=249780",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
},
{
"name" : "DSA-1471",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1471"
},
{
"name" : "GLSA-200710-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200710-03.xml"
},
{
"name" : "MDKSA-2007:167-1",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1"
},
{
"name" : "RHSA-2007:0845",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
},
{
"name" : "RHSA-2007:0912",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
},
{
"name" : "SUSE-SR:2007:023",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
},
{
"name" : "USN-498-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-498-1"
},
{
"name" : "25082",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25082"
},
{
"name" : "oval:org.mitre.oval:def:10570",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10570"
},
{
"name" : "ADV-2007-2698",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2698"
},
{
"name" : "ADV-2007-2760",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2760"
},
{
"name" : "1018712",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018712"
},
{
"name" : "26232",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26232"
},
{
"name" : "26087",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26087"
},
{
"name" : "26299",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26299"
},
{
"name" : "26429",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26429"
},
{
"name" : "26535",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26535"
},
{
"name" : "26865",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26865"
},
{
"name" : "27099",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27099"
},
{
"name" : "24923",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24923"
},
{
"name" : "27439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27439"
},
{
"name" : "28614",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28614"
},
{
"name" : "libvorbis-infoclear-code-execution(35623)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35623"
},
{
"name" : "libvorbis-blocksize-code-execution(35624)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35624"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.isecpartners.com/advisories/2007-003-libvorbis.txt",
"refsource": "MISC",
"url": "http://www.isecpartners.com/advisories/2007-003-libvorbis.txt"
},
{
"name": "https://issues.rpath.com/browse/RPL-1590",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1590"
},
{
"name": "USN-498-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-498-1"
},
{
"name": "ADV-2007-2760",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2760"
},
{
"name": "libvorbis-blocksize-code-execution(35624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35624"
},
{
"name": "26299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26299"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=249780",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
},
{
"name": "28614",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28614"
},
{
"name": "DSA-1471",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1471"
},
{
"name": "26429",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26429"
},
{
"name": "RHSA-2007:0912",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
},
{
"name": "GLSA-200710-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200710-03.xml"
},
{
"name": "oval:org.mitre.oval:def:10570",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10570"
},
{
"name": "libvorbis-infoclear-code-execution(35623)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35623"
},
{
"name": "1018712",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018712"
},
{
"name": "26087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26087"
},
{
"name": "25082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25082"
},
{
"name": "20070726 libvorbis 1.1.2 - Multiple memory corruption flaws",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474729/100/0/threaded"
},
{
"name": "http://www.tellini.org/blog/archives/32-Music-Box-1.6.html",
"refsource": "CONFIRM",
"url": "http://www.tellini.org/blog/archives/32-Music-Box-1.6.html"
},
{
"name": "24923",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24923"
},
{
"name": "26535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26535"
},
{
"name": "27439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27439"
},
{
"name": "ADV-2007-2698",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2698"
},
{
"name": "27099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27099"
},
{
"name": "26232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26232"
},
{
"name": "MDKSA-2007:167-1",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1"
},
{
"name": "26865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26865"
},
{
"name": "SUSE-SR:2007:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
},
{
"name": "RHSA-2007:0845",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
}
]
}
}

34
2007/5xxx/CVE-2007-5286.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5286",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-5281. Reason: This candidate is a duplicate of CVE-2007-5281. Notes: All CVE users should reference CVE-2007-5281 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2007-5286",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-5281. Reason: This candidate is a duplicate of CVE-2007-5281. Notes: All CVE users should reference CVE-2007-5281 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

220
2007/5xxx/CVE-2007-5350.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5350",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving \"legacy reply paths.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-5350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBST02299",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name" : "SSRT071506",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name" : "MS07-066",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-066"
},
{
"name" : "TA07-345A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"name" : "VU#601073",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/601073"
},
{
"name" : "26757",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26757"
},
{
"name" : "ADV-2007-4182",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4182"
},
{
"name" : "oval:org.mitre.oval:def:3912",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3912"
},
{
"name" : "1019075",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019075"
},
{
"name" : "28015",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28015"
},
{
"name" : "win-vista-alpc-privilege-escalation(38729)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38729"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving \"legacy reply paths.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28015",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28015"
},
{
"name": "VU#601073",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/601073"
},
{
"name": "SSRT071506",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "win-vista-alpc-privilege-escalation(38729)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38729"
},
{
"name": "1019075",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019075"
},
{
"name": "HPSBST02299",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "ADV-2007-4182",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4182"
},
{
"name": "MS07-066",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-066"
},
{
"name": "TA07-345A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"name": "26757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26757"
},
{
"name": "oval:org.mitre.oval:def:3912",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3912"
}
]
}
}

150
2007/5xxx/CVE-2007-5801.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to \"Ajax pages.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=549763",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=549763"
},
{
"name" : "26292",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26292"
},
{
"name" : "42035",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/42035"
},
{
"name" : "27426",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27426"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to \"Ajax pages.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=549763",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=549763"
},
{
"name": "26292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26292"
},
{
"name": "42035",
"refsource": "OSVDB",
"url": "http://osvdb.org/42035"
},
{
"name": "27426",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27426"
}
]
}
}

160
2007/5xxx/CVE-2007-5820.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5820",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4599",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4599"
},
{
"name" : "26306",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26306"
},
{
"name" : "ADV-2007-3749",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3749"
},
{
"name" : "39021",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39021"
},
{
"name" : "axdcms-index-file-include(38224)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38224"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4599",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4599"
},
{
"name": "39021",
"refsource": "OSVDB",
"url": "http://osvdb.org/39021"
},
{
"name": "ADV-2007-3749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3749"
},
{
"name": "26306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26306"
},
{
"name": "axdcms-index-file-include(38224)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38224"
}
]
}
}

200
2015/3xxx/CVE-2015-3088.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3088",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-3088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37844",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37844/"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"
},
{
"name" : "GLSA-201505-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201505-02"
},
{
"name" : "RHSA-2015:1005",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1005.html"
},
{
"name" : "SUSE-SU-2015:0878",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html"
},
{
"name" : "openSUSE-SU-2015:0890",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html"
},
{
"name" : "openSUSE-SU-2015:0914",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html"
},
{
"name" : "74609",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74609"
},
{
"name" : "1032285",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032285"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032285",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032285"
},
{
"name": "SUSE-SU-2015:0878",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html"
},
{
"name": "openSUSE-SU-2015:0890",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html"
},
{
"name": "74609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74609"
},
{
"name": "37844",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37844/"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"
},
{
"name": "GLSA-201505-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201505-02"
},
{
"name": "openSUSE-SU-2015:0914",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html"
},
{
"name": "RHSA-2015:1005",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1005.html"
}
]
}
}

210
2015/3xxx/CVE-2015-3218.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3218",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[polkit-devel] 20150529 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"refsource" : "MLIST",
"url" : "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
},
{
"name" : "[polkit-devel] 20150630 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"refsource" : "MLIST",
"url" : "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
},
{
"name" : "[polkit-devel] 20150702 polkit-0.113 released",
"refsource" : "MLIST",
"url" : "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name" : "FEDORA-2015-11058",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name" : "FEDORA-2015-11743",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name" : "openSUSE-SU-2015:1734",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name" : "openSUSE-SU-2015:1927",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name" : "USN-3717-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3717-1/"
},
{
"name" : "76086",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76086"
},
{
"name" : "1035023",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035023"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[polkit-devel] 20150529 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
},
{
"name": "USN-3717-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3717-1/"
},
{
"name": "FEDORA-2015-11058",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name": "openSUSE-SU-2015:1927",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "FEDORA-2015-11743",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "76086",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76086"
},
{
"name": "openSUSE-SU-2015:1734",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "1035023",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035023"
},
{
"name": "[polkit-devel] 20150630 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
}
]
}
}

34
2015/3xxx/CVE-2015-3571.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3571",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3571. Reason: This candidate is a duplicate of CVE-2014-3571. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-3571 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-3571",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3571. Reason: This candidate is a duplicate of CVE-2014-3571. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-3571 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

130
2015/6xxx/CVE-2015-6274.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6274",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150831 Cisco ASR 1000 Series Aggregation Services Routers Data-Plane Processing Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40708"
},
{
"name" : "1033437",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033437"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150831 Cisco ASR 1000 Series Aggregation Services Routers Data-Plane Processing Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40708"
},
{
"name": "1033437",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033437"
}
]
}
}

140
2015/6xxx/CVE-2015-6280.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6280",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote attackers to obtain login access by leveraging knowledge of a username and the associated public key, aka Bug ID CSCus73013."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk/cvrf/cisco-sa-20150923-sshpk_cvrf.xml",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk/cvrf/cisco-sa-20150923-sshpk_cvrf.xml"
},
{
"name" : "20150923 Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk"
},
{
"name" : "1033646",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033646"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote attackers to obtain login access by leveraging knowledge of a username and the associated public key, aka Bug ID CSCus73013."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033646",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033646"
},
{
"name": "20150923 Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk"
},
{
"name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk/cvrf/cisco-sa-20150923-sshpk_cvrf.xml",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk/cvrf/cisco-sa-20150923-sshpk_cvrf.xml"
}
]
}
}

34
2015/6xxx/CVE-2015-6441.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6441",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-6441",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

150
2015/6xxx/CVE-2015-6535.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6535",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in includes/options-profiles.php in the YouTube Embed plugin before 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML via the Profile name field (youtube_embed_name parameter)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150826 CVE-2015-6535: Stored XSS in YouTube Embed (WordPress plugin) allows admins to compromise super admins",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536334/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/133340/WordPress-YouTube-Embed-3.3.2-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133340/WordPress-YouTube-Embed-3.3.2-Cross-Site-Scripting.html"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8163",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8163"
},
{
"name" : "https://wordpress.org/plugins/youtube-embed/changelog/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/youtube-embed/changelog/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in includes/options-profiles.php in the YouTube Embed plugin before 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML via the Profile name field (youtube_embed_name parameter)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8163",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8163"
},
{
"name": "http://packetstormsecurity.com/files/133340/WordPress-YouTube-Embed-3.3.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133340/WordPress-YouTube-Embed-3.3.2-Cross-Site-Scripting.html"
},
{
"name": "https://wordpress.org/plugins/youtube-embed/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/youtube-embed/changelog/"
},
{
"name": "20150826 CVE-2015-6535: Stored XSS in YouTube Embed (WordPress plugin) allows admins to compromise super admins",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536334/100/0/threaded"
}
]
}
}

130
2015/6xxx/CVE-2015-6742.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6742",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150727 Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jul/120"
},
{
"name" : "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html",
"refsource" : "MISC",
"url" : "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150727 Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jul/120"
},
{
"name": "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html",
"refsource": "MISC",
"url": "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html"
}
]
}
}

250
2015/7xxx/CVE-2015-7645.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7645",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-7645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "38490",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/38490/"
},
{
"name" : "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/",
"refsource" : "MISC",
"url" : "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
},
{
"name" : "http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
},
{
"name" : "GLSA-201511-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201511-02"
},
{
"name" : "RHSA-2015:2024",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2024.html"
},
{
"name" : "RHSA-2015:1913",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1913.html"
},
{
"name" : "SUSE-SU-2015:1770",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html"
},
{
"name" : "SUSE-SU-2015:1771",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html"
},
{
"name" : "openSUSE-SU-2015:1768",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html"
},
{
"name" : "openSUSE-SU-2015:1781",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name" : "77081",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/77081"
},
{
"name" : "1033850",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033850"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1913",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1913.html"
},
{
"name": "38490",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38490/"
},
{
"name": "RHSA-2015:2024",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2024.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-05.html"
},
{
"name": "SUSE-SU-2015:1770",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html"
},
{
"name": "1033850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033850"
},
{
"name": "SUSE-SU-2015:1771",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html"
},
{
"name": "77081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77081"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-27.html"
},
{
"name": "GLSA-201511-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201511-02"
},
{
"name": "http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html"
},
{
"name": "openSUSE-SU-2015:1768",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html"
},
{
"name": "openSUSE-SU-2015:1781",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/",
"refsource": "MISC",
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
}
]
}
}

130
2015/7xxx/CVE-2015-7824.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7824",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://botan.randombit.net/security.html#id3",
"refsource" : "CONFIRM",
"url" : "https://botan.randombit.net/security.html#id3"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311613",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311613"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311613",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311613"
},
{
"name": "https://botan.randombit.net/security.html#id3",
"refsource": "CONFIRM",
"url": "https://botan.randombit.net/security.html#id3"
}
]
}
}

140
2015/7xxx/CVE-2015-7963.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7963",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/"
},
{
"name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf",
"refsource" : "MISC",
"url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf"
},
{
"name" : "https://safenet.gemalto.com/technical-support/security-updates/",
"refsource" : "CONFIRM",
"url" : "https://safenet.gemalto.com/technical-support/security-updates/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://safenet.gemalto.com/technical-support/security-updates/",
"refsource": "CONFIRM",
"url": "https://safenet.gemalto.com/technical-support/security-updates/"
},
{
"name": "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/",
"refsource": "MISC",
"url": "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/"
},
{
"name": "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf",
"refsource": "MISC",
"url": "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf"
}
]
}
}

220
2015/8xxx/CVE-2015-8629.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8629",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8341",
"refsource" : "CONFIRM",
"url" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8341"
},
{
"name" : "https://github.com/krb5/krb5/commit/df17a1224a3406f57477bcd372c61e04c0e5a5bb",
"refsource" : "CONFIRM",
"url" : "https://github.com/krb5/krb5/commit/df17a1224a3406f57477bcd372c61e04c0e5a5bb"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "DSA-3466",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3466"
},
{
"name" : "RHSA-2016:0493",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0493.html"
},
{
"name" : "RHSA-2016:0532",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0532.html"
},
{
"name" : "openSUSE-SU-2016:0406",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html"
},
{
"name" : "openSUSE-SU-2016:0501",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html"
},
{
"name" : "82801",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/82801"
},
{
"name" : "1034914",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034914"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3466",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3466"
},
{
"name": "82801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/82801"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "openSUSE-SU-2016:0406",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html"
},
{
"name": "RHSA-2016:0493",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0493.html"
},
{
"name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8341",
"refsource": "CONFIRM",
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8341"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "1034914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034914"
},
{
"name": "RHSA-2016:0532",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0532.html"
},
{
"name": "https://github.com/krb5/krb5/commit/df17a1224a3406f57477bcd372c61e04c0e5a5bb",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/commit/df17a1224a3406f57477bcd372c61e04c0e5a5bb"
},
{
"name": "openSUSE-SU-2016:0501",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html"
}
]
}
}

150
2016/0xxx/CVE-2016-0280.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-0280",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Information Server Framework 8.5, Information Server Framework and InfoSphere Information Server Business Glossary 8.7 before FP2, Information Server Framework and InfoSphere Information Server Business Glossary 9.1 before 9.1.2.0, Information Server Framework and InfoSphere Information Governance Catalog 11.3 before 11.3.1.2, and Information Server Framework and InfoSphere Information Governance Catalog 11.5 before 11.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21981766",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21981766"
},
{
"name" : "JR55452",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55452"
},
{
"name" : "92133",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92133"
},
{
"name" : "1036418",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036418"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Information Server Framework 8.5, Information Server Framework and InfoSphere Information Server Business Glossary 8.7 before FP2, Information Server Framework and InfoSphere Information Server Business Glossary 9.1 before 9.1.2.0, Information Server Framework and InfoSphere Information Governance Catalog 11.3 before 11.3.1.2, and Information Server Framework and InfoSphere Information Governance Catalog 11.5 before 11.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036418",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036418"
},
{
"name": "JR55452",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55452"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21981766",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981766"
},
{
"name": "92133",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92133"
}
]
}
}

130
2016/0xxx/CVE-2016-0560.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0560",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0551, CVE-2016-0552, and CVE-2016-0559."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-0560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name" : "1034726",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034726"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0551, CVE-2016-0552, and CVE-2016-0559."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "1034726",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034726"
}
]
}
}

140
2016/0xxx/CVE-2016-0847.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0847",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-0847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-04-02.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-04-02.html"
},
{
"name" : "https://android.googlesource.com/platform/packages/services/Telecomm/+/2750faaa1ec819eed9acffea7bd3daf867fda444",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/packages/services/Telecomm/+/2750faaa1ec819eed9acffea7bd3daf867fda444"
},
{
"name" : "https://android.googlesource.com/platform/packages/services/Telephony/+/a294ae5342410431a568126183efe86261668b5d",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/packages/services/Telephony/+/a294ae5342410431a568126183efe86261668b5d"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/packages/services/Telephony/+/a294ae5342410431a568126183efe86261668b5d",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/packages/services/Telephony/+/a294ae5342410431a568126183efe86261668b5d"
},
{
"name": "https://android.googlesource.com/platform/packages/services/Telecomm/+/2750faaa1ec819eed9acffea7bd3daf867fda444",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/packages/services/Telecomm/+/2750faaa1ec819eed9acffea7bd3daf867fda444"
},
{
"name": "http://source.android.com/security/bulletin/2016-04-02.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-04-02.html"
}
]
}
}

130
2016/1000xxx/CVE-2016-1000220.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@elastic.co",
"ID" : "CVE-2016-1000220",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Kibana",
"version" : {
"version_data" : [
{
"version_value" : "before 4.5.4 and 4.1.11"
}
]
}
}
]
},
"vendor_name" : "Elastic"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79: Improper Neutralization of Input During Web Page Generation"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.elastic.co/community/security",
"refsource" : "CONFIRM",
"url" : "https://www.elastic.co/community/security"
},
{
"name" : "99179",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99179"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99179"
},
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
}
]
}
}

170
2016/1xxx/CVE-2016-1020.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1020",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-1020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html"
},
{
"name" : "RHSA-2016:0610",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0610.html"
},
{
"name" : "SUSE-SU-2016:1305",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"
},
{
"name" : "openSUSE-SU-2016:1306",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"
},
{
"name" : "85932",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/85932"
},
{
"name" : "1035509",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035509"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1305",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"
},
{
"name": "openSUSE-SU-2016:1306",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"
},
{
"name": "RHSA-2016:0610",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0610.html"
},
{
"name": "85932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85932"
},
{
"name": "1035509",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035509"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html"
}
]
}
}

150
2016/1xxx/CVE-2016-1068.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1068",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-1068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-316",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-316"
},
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
},
{
"name" : "90512",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90512"
},
{
"name" : "1035828",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035828"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "90512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90512"
},
{
"name": "1035828",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035828"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-316",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-316"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
}
]
}
}

210
2016/1xxx/CVE-2016-1699.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1699",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html"
},
{
"name" : "https://codereview.chromium.org/2010783002",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/2010783002"
},
{
"name" : "https://crbug.com/607939",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/607939"
},
{
"name" : "DSA-3594",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3594"
},
{
"name" : "RHSA-2016:1201",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1201"
},
{
"name" : "SUSE-SU-2016:1490",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html"
},
{
"name" : "openSUSE-SU-2016:1489",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html"
},
{
"name" : "openSUSE-SU-2016:1496",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"name" : "USN-2992-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2992-1"
},
{
"name" : "1036026",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036026"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codereview.chromium.org/2010783002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/2010783002"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html"
},
{
"name": "RHSA-2016:1201",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1201"
},
{
"name": "1036026",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036026"
},
{
"name": "https://crbug.com/607939",
"refsource": "CONFIRM",
"url": "https://crbug.com/607939"
},
{
"name": "openSUSE-SU-2016:1496",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"name": "USN-2992-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2992-1"
},
{
"name": "DSA-3594",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3594"
},
{
"name": "SUSE-SU-2016:1490",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html"
},
{
"name": "openSUSE-SU-2016:1489",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html"
}
]
}
}

150
2016/4xxx/CVE-2016-4397.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"ID" : "CVE-2016-4397",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HP Network Node Manager (NNMi)",
"version" : {
"version_data" : [
{
"version_value" : "v10.00, v10.10 and v10.20"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "local code execution"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2016-4397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HP Network Node Manager (NNMi)",
"version": {
"version_data": [
{
"version_value": "v10.00, v10.10 and v10.20"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05325811",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05325811"
},
{
"name" : "94154",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94154"
},
{
"name" : "95080",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95080"
},
{
"name" : "1037234",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037234"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037234",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037234"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05325811",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05325811"
},
{
"name": "94154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94154"
},
{
"name": "95080",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95080"
}
]
}
}

130
2016/4xxx/CVE-2016-4791.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4791",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40210",
"refsource" : "CONFIRM",
"url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40210"
},
{
"name" : "1035932",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035932"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035932",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035932"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40210",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40210"
}
]
}
}

140
2016/5xxx/CVE-2016-5031.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5031",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf & dwarfdump",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name" : "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf & dwarfdump",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"name" : "https://www.prevanders.net/dwarfbug.html",
"refsource" : "CONFIRM",
"url" : "https://www.prevanders.net/dwarfbug.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf & dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf & dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}

246
2016/5xxx/CVE-2016-5297.json
View File

@ -1,125 +1,125 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2016-5297",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.5"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.5"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "50"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect argument length checking in JavaScript"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-5297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.5"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.5"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "50"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1303678",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1303678"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2016-90/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2016-90/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2016-93/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"name" : "DSA-3730",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2016/dsa-3730"
},
{
"name" : "GLSA-201701-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-15"
},
{
"name" : "RHSA-2016:2780",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2780.html"
},
{
"name" : "94336",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94336"
},
{
"name" : "1037298",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037298"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect argument length checking in JavaScript"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3730",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"name": "1037298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1303678",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1303678"
},
{
"name": "94336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94336"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-93/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"name": "RHSA-2016:2780",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-90/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
}
]
}
}

140
2016/5xxx/CVE-2016-5947.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5947",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-5947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988625",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988625"
},
{
"name" : "IT16944",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16944"
},
{
"name" : "93085",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93085"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93085"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988625",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988625"
},
{
"name": "IT16944",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16944"
}
]
}
}

130
2016/5xxx/CVE-2016-5977.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-5977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990216",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990216"
},
{
"name" : "93139",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93139"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990216",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990216"
},
{
"name": "93139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93139"
}
]
}
}

34
2019/0xxx/CVE-2019-0162.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0162",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0162",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0326.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0326",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0326",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

216
2019/0xxx/CVE-2019-0658.json
View File

@ -1,110 +1,110 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2019-0658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value" : "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1809 for ARM64-based Systems"
},
{
"version_value" : "Windows Server 2019"
},
{
"version_value" : "Windows 10 Version 1709 for ARM64-based Systems"
}
]
}
},
{
"product_name" : "ChakraCore",
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0648."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for ARM64-based Systems"
},
{
"version_value": "Windows Server 2019"
},
{
"version_value": "Windows 10 Version 1709 for ARM64-based Systems"
}
]
}
},
{
"product_name": "ChakraCore",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658"
},
{
"name" : "106882",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106882"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0648."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658"
},
{
"name": "106882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106882"
}
]
}
}

34
2019/0xxx/CVE-2019-0677.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0677",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0677",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0811.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0811",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0811",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1173.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1173",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1173",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2019/1xxx/CVE-2019-1641.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-23T16:00:00-0800",
"ID" : "CVE-2019-1641",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco WebEx WRF Player ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "7.8",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-119"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-23T16:00:00-0800",
"ID": "CVE-2019-1641",
"STATE": "PUBLIC",
"TITLE": "Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx WRF Player ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190123 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce"
},
{
"name" : "106704",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106704"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190123-webex-rce",
"defect" : [
[
"CSCvm65148",
"CSCvm65207",
"CSCvm65741",
"CSCvm65747",
"CSCvm65794",
"CSCvm65798",
"CSCvm86137",
"CSCvm86143",
"CSCvm86148",
"CSCvm86157",
"CSCvm86160",
"CSCvm86165"
]
],
"discovery" : "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190123 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce"
},
{
"name": "106704",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106704"
}
]
},
"source": {
"advisory": "cisco-sa-20190123-webex-rce",
"defect": [
[
"CSCvm65148",
"CSCvm65207",
"CSCvm65741",
"CSCvm65747",
"CSCvm65794",
"CSCvm65798",
"CSCvm86137",
"CSCvm86143",
"CSCvm86148",
"CSCvm86157",
"CSCvm86160",
"CSCvm86165"
]
],
"discovery": "INTERNAL"
}
}

34
2019/1xxx/CVE-2019-1824.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1824",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1824",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1906.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1906",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1906",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/3xxx/CVE-2019-3083.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3083",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3083",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/3xxx/CVE-2019-3541.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3541",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3541",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2019/3xxx/CVE-2019-3912.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2019-01-24T00:00:00",
"ID" : "CVE-2019-3912",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "LabKey Server Community Edition",
"version" : {
"version_data" : [
{
"version_value" : "Versions before 18.3.0-61806.763"
}
]
}
}
]
},
"vendor_name" : "Tenable"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-601 Open Redirect"
}
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2019-01-24T00:00:00",
"ID": "CVE-2019-3912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LabKey Server Community Edition",
"version": {
"version_data": [
{
"version_value": "Versions before 18.3.0-61806.763"
}
]
}
}
]
},
"vendor_name": "Tenable"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2019-03",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2019-03"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-03",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-03"
}
]
}
}

34
2019/4xxx/CVE-2019-4262.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4262",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4262",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4546.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4546",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4546",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4929.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4929",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4929",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4935.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4935",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4935",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/8xxx/CVE-2019-8028.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8028",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8028",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/8xxx/CVE-2019-8467.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8467",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8467",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/8xxx/CVE-2019-8480.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8480",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8480",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/8xxx/CVE-2019-8761.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8761",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8761",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2019/9xxx/CVE-2019-9151.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9151",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/magicSwordsMan/PAAFS/tree/master/vul7",
"refsource" : "MISC",
"url" : "https://github.com/magicSwordsMan/PAAFS/tree/master/vul7"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/magicSwordsMan/PAAFS/tree/master/vul7",
"refsource": "MISC",
"url": "https://github.com/magicSwordsMan/PAAFS/tree/master/vul7"
}
]
}
}