admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:40:36 +00:00
parent 8cff61aaed
commit 951c931f60
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 3706 additions and 3706 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
1999/0xxx/CVE-1999-0780.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-0780", "ID": "CVE-1999-0780",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "19981118 Multiple KDE security vulnerabilities (root compromise)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=91141486301691&w=2" "lang": "eng",
} "value": "KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19981118 Multiple KDE security vulnerabilities (root compromise)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=91141486301691&w=2"
}
]
}
}

130
1999/1xxx/CVE-1999-1144.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1144", "ID": "CVE-1999-1144",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBUX9701-051", "description_data": [
"refsource" : "HP", {
"url" : "http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-051.html" "lang": "eng",
}, "value": "Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges."
{ }
"name" : "hp-mpower(2056)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2056" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBUX9701-051",
"refsource": "HP",
"url": "http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-051.html"
},
{
"name": "hp-mpower(2056)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2056"
}
]
}
}

140
1999/1xxx/CVE-1999-1235.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1235", "ID": "CVE-1999-1235",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing (\"shoulder surfing\") another user to read the information from the status bar when the user moves the mouse over a link."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "19990331 Minor Bug in IE5.0", "description_data": [
"refsource" : "NTBUGTRAQ", {
"url" : "http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind9904&L=NTBUGTRAQ&P=R179" "lang": "eng",
}, "value": "Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing (\"shoulder surfing\") another user to read the information from the status bar when the user moves the mouse over a link."
{ }
"name" : "19990825 IE5 FTP password exposure & index.dat null ACL problem", ]
"refsource" : "NTBUGTRAQ", },
"url" : "http://packetderm.cotse.com/mailing-lists/ntbugtraq/1999/0364.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "nt-ie5-user-ftp-password(3289)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/3289" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "19990825 IE5 FTP password exposure & index.dat null ACL problem",
"refsource": "NTBUGTRAQ",
"url": "http://packetderm.cotse.com/mailing-lists/ntbugtraq/1999/0364.html"
},
{
"name": "nt-ie5-user-ftp-password(3289)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3289"
},
{
"name": "19990331 Minor Bug in IE5.0",
"refsource": "NTBUGTRAQ",
"url": "http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind9904&L=NTBUGTRAQ&P=R179"
}
]
}
}

150
2000/1xxx/CVE-2000-1207.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-1207", "ID": "CVE-2000-1207",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000930 glibc and userhelper - local root", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=97034397026473&w=2" "lang": "eng",
}, "value": "userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844)."
{ }
"name" : "RHSA-2000:075", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2000-075.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDKSA-2000:059", "description": [
"refsource" : "MANDRAKE", {
"url" : "http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-059.php3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20001003 SuSE: userhelper/usermode", ]
"refsource" : "BUGTRAQ", }
"url" : "http://marc.info/?l=bugtraq&m=97063854808796&w=2" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20001003 SuSE: userhelper/usermode",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=97063854808796&w=2"
},
{
"name": "20000930 glibc and userhelper - local root",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=97034397026473&w=2"
},
{
"name": "RHSA-2000:075",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-075.html"
},
{
"name": "MDKSA-2000:059",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-059.php3"
}
]
}
}

140
2005/2xxx/CVE-2005-2505.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2505", "ID": "CVE-2005-2505",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2005-08-15", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" "lang": "eng",
}, "value": "Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation."
{ }
"name" : "APPLE-SA-2005-08-17", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1014697", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014697" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1014697",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014697"
},
{
"name": "APPLE-SA-2005-08-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "APPLE-SA-2005-08-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
}
]
}
}

250
2005/2xxx/CVE-2005-2800.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2800", "ID": "CVE-2005-2800",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=729d70f5dfd663b44bca68a4479c96bde7e535d6", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=729d70f5dfd663b44bca68a4479c96bde7e535d6" "lang": "eng",
}, "value": "Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error."
{ }
"name" : "DSA-1017", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2006/dsa-1017" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FLSA:157459-3", "description": [
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2005:218", ]
"refsource" : "MANDRAKE", }
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:218" ]
}, },
{ "references": {
"name" : "MDKSA-2005:219", "reference_data": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219" "name": "14790",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/14790"
"name" : "MDKSA-2005:220", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220" "name": "MDKSA-2005:220",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220"
"name" : "RHSA-2006:0101", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0101.html" "name": "RHSA-2006:0101",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0101.html"
"name" : "SUSE-SA:2005:068", },
"refsource" : "SUSE", {
"url" : "http://www.securityfocus.com/archive/1/419522/100/0/threaded" "name": "SUSE-SA:2005:068",
}, "refsource": "SUSE",
{ "url": "http://www.securityfocus.com/archive/1/419522/100/0/threaded"
"name" : "14790", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14790" "name": "oval:org.mitre.oval:def:9954",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9954"
"name" : "oval:org.mitre.oval:def:9954", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9954" "name": "18510",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18510"
"name" : "17918", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17918" "name": "MDKSA-2005:218",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:218"
"name" : "18510", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18510" "name": "17826",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17826"
"name" : "17826", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17826" "name": "17918",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17918"
"name" : "19374", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19374" "name": "FLSA:157459-3",
} "refsource": "FEDORA",
] "url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
} },
} {
"name": "DSA-1017",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1017"
},
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=729d70f5dfd663b44bca68a4479c96bde7e535d6",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=729d70f5dfd663b44bca68a4479c96bde7e535d6"
},
{
"name": "MDKSA-2005:219",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219"
},
{
"name": "19374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19374"
}
]
}
}

210
2007/1xxx/CVE-2007-1343.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-1343", "ID": "CVE-2007-1343",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[webcalendar-announce] 20070304 Announce: Release 1.0.5 (security patch)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_id=31840112&forum_id=46247" "lang": "eng",
}, "value": "includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues."
{ }
"name" : "http://sourceforge.net/project/shownotes.php?group_id=3870&release_id=491130", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/project/shownotes.php?group_id=3870&release_id=491130" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?view=log", "description": [
"refsource" : "CONFIRM", {
"url" : "http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?view=log" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?r1=1.211.2.7&r2=1.211.2.8", ]
"refsource" : "CONFIRM", }
"url" : "http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?r1=1.211.2.7&r2=1.211.2.8" ]
}, },
{ "references": {
"name" : "DSA-1267", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2007/dsa-1267" "name": "ADV-2007-0851",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/0851"
"name" : "22834", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/22834" "name": "http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?view=log",
}, "refsource": "CONFIRM",
{ "url": "http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?view=log"
"name" : "ADV-2007-0851", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/0851" "name": "http://sourceforge.net/project/shownotes.php?group_id=3870&release_id=491130",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/project/shownotes.php?group_id=3870&release_id=491130"
"name" : "24403", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24403" "name": "24519",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/24519"
"name" : "24519", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24519" "name": "22834",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/22834"
"name" : "webcalendar-noset-variable-overwrite(32832)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32832" "name": "DSA-1267",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2007/dsa-1267"
} },
} {
"name": "http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?r1=1.211.2.7&r2=1.211.2.8",
"refsource": "CONFIRM",
"url": "http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?r1=1.211.2.7&r2=1.211.2.8"
},
{
"name": "webcalendar-noset-variable-overwrite(32832)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32832"
},
{
"name": "24403",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24403"
},
{
"name": "[webcalendar-announce] 20070304 Announce: Release 1.0.5 (security patch)",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=31840112&forum_id=46247"
}
]
}
}

160
2007/1xxx/CVE-2007-1807.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-1807", "ID": "CVE-2007-1807",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in modules/myalbum/viewcat.php in the myAlbum-P 2.0 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "3632", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/3632" "lang": "eng",
}, "value": "SQL injection vulnerability in modules/myalbum/viewcat.php in the myAlbum-P 2.0 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter."
{ }
"name" : "23229", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/23229" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-1202", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1202" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "34465", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/34465" ]
}, },
{ "references": {
"name" : "xoops-myalbump-viewcat-sql-injection(33371)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33371" "name": "23229",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/23229"
} },
} {
"name": "ADV-2007-1202",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1202"
},
{
"name": "34465",
"refsource": "OSVDB",
"url": "http://osvdb.org/34465"
},
{
"name": "xoops-myalbump-viewcat-sql-injection(33371)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33371"
},
{
"name": "3632",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3632"
}
]
}
}

160
2007/1xxx/CVE-2007-1832.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-1832", "ID": "CVE-2007-1832",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by \"using percent encoding in forms.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=252", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=252" "lang": "eng",
}, "value": "web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by \"using percent encoding in forms.\""
{ }
"name" : "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=254", ]
"refsource" : "CONFIRM", },
"url" : "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=254" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20070322 WebAPP Audit", "description": [
"refsource" : "VIM", {
"url" : "http://www.attrition.org/pipermail/vim/2007-March/001455.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2007-0720", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2007/0720" ]
}, },
{ "references": {
"name" : "24227", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24227" "name": "ADV-2007-0720",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2007/0720"
} },
} {
"name": "20070322 WebAPP Audit",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-March/001455.html"
},
{
"name": "24227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24227"
},
{
"name": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=252",
"refsource": "CONFIRM",
"url": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=252"
},
{
"name": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=254",
"refsource": "CONFIRM",
"url": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=254"
}
]
}
}

160
2007/1xxx/CVE-2007-1838.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-1838", "ID": "CVE-2007-1838",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070329 Xoops Module Friendfinder <= 3.3 (view.php id) BLIND SQL Injection Exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/464153/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "3597", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/3597" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "23184", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/23184" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2007-1146", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2007/1146" ]
}, },
{ "references": {
"name" : "xoops-friendfinder-view-sql-injection(33292)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33292" "name": "3597",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/3597"
} },
} {
"name": "20070329 Xoops Module Friendfinder <= 3.3 (view.php id) BLIND SQL Injection Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464153/100/0/threaded"
},
{
"name": "23184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23184"
},
{
"name": "ADV-2007-1146",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1146"
},
{
"name": "xoops-friendfinder-view-sql-injection(33292)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33292"
}
]
}
}

160
2007/5xxx/CVE-2007-5486.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-5486", "ID": "CVE-2007-5486",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.dotproject.net/view.php?id=1910", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.dotproject.net/view.php?id=1910" "lang": "eng",
}, "value": "dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information."
{ }
"name" : "http://docs.dotproject.net/index.php/Closed_Issues_/_Feature_Requests_-_2.1", ]
"refsource" : "CONFIRM", },
"url" : "http://docs.dotproject.net/index.php/Closed_Issues_/_Feature_Requests_-_2.1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "26080", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/26080" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "27191", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/27191" ]
}, },
{ "references": {
"name" : "dotproject-companies-security-bypass(37202)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37202" "name": "26080",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/26080"
} },
} {
"name": "27191",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27191"
},
{
"name": "dotproject-companies-security-bypass(37202)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37202"
},
{
"name": "http://bugs.dotproject.net/view.php?id=1910",
"refsource": "CONFIRM",
"url": "http://bugs.dotproject.net/view.php?id=1910"
},
{
"name": "http://docs.dotproject.net/index.php/Closed_Issues_/_Feature_Requests_-_2.1",
"refsource": "CONFIRM",
"url": "http://docs.dotproject.net/index.php/Closed_Issues_/_Feature_Requests_-_2.1"
}
]
}
}

200
2007/5xxx/CVE-2007-5523.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-5523", "ID": "CVE-2007-5523",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.4.0, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS08."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.4.0, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS08."
{ }
"name" : "HPSBMA02133", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=119332677525918&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT061201", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=119332677525918&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA07-290A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-290A.html" ]
}, },
{ "references": {
"name" : "ADV-2007-3524", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3524" "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html"
"name" : "ADV-2007-3626", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3626" "name": "ADV-2007-3524",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/3524"
"name" : "1018823", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018823" "name": "ADV-2007-3626",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/3626"
"name" : "27251", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27251" "name": "TA07-290A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA07-290A.html"
"name" : "27409", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27409" "name": "SSRT061201",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=119332677525918&w=2"
} },
} {
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=119332677525918&w=2"
},
{
"name": "1018823",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018823"
},
{
"name": "27409",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27409"
},
{
"name": "27251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27251"
}
]
}
}

34
2007/5xxx/CVE-2007-5680.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-5680", "ID": "CVE-2007-5680",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2009/2xxx/CVE-2009-2083.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2083", "ID": "CVE-2009-2083",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via \"Parent and related terms.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability", "description_data": [
"refsource" : "MISC", {
"url" : "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via \"Parent and related terms.\""
{ }
"name" : "http://drupal.org/node/487620", ]
"refsource" : "CONFIRM", },
"url" : "http://drupal.org/node/487620" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://drupal.org/node/487818", "description": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/487818" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "35286", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/35286" ]
}, },
{ "references": {
"name" : "35391", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35391" "name": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability",
} "refsource": "MISC",
] "url": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability"
} },
} {
"name": "http://drupal.org/node/487620",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/487620"
},
{
"name": "35391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35391"
},
{
"name": "35286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35286"
},
{
"name": "http://drupal.org/node/487818",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/487818"
}
]
}
}

140
2015/3xxx/CVE-2015-3365.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-3365", "ID": "CVE-2015-3365",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the nodeauthor module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a Profile2 field in a provided block."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150129 Re: CVEs for Drupal contributed modules - January 2015", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/01/29/6" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the nodeauthor module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a Profile2 field in a provided block."
{ }
"name" : "https://www.drupal.org/node/2407401", ]
"refsource" : "MISC", },
"url" : "https://www.drupal.org/node/2407401" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "72120", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72120" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "72120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72120"
},
{
"name": "https://www.drupal.org/node/2407401",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2407401"
},
{
"name": "[oss-security] 20150129 Re: CVEs for Drupal contributed modules - January 2015",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/29/6"
}
]
}
}

140
2015/3xxx/CVE-2015-3374.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-3374", "ID": "CVE-2015-3374",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Corner module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable corners via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150129 Re: CVEs for Drupal contributed modules - January 2015", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/01/29/6" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Corner module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable corners via unspecified vectors."
{ }
"name" : "https://www.drupal.org/node/2411741", ]
"refsource" : "MISC", },
"url" : "https://www.drupal.org/node/2411741" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "74275", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/74275" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2411741",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2411741"
},
{
"name": "74275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74275"
},
{
"name": "[oss-security] 20150129 Re: CVEs for Drupal contributed modules - January 2015",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/29/6"
}
]
}
}

34
2015/3xxx/CVE-2015-3598.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-3598", "ID": "CVE-2015-3598",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2015/3xxx/CVE-2015-3662.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-3662", "ID": "CVE-2015-3662",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT204942", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT204942" "lang": "eng",
}, "value": "QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668."
{ }
"name" : "http://support.apple.com/kb/HT204947", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT204947" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2015-06-30-2", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2015-06-30-5", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html" ]
}, },
{ "references": {
"name" : "75493", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75493" "name": "http://support.apple.com/kb/HT204947",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT204947"
"name" : "1032756", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032756" "name": "APPLE-SA-2015-06-30-2",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
} },
} {
"name": "75493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75493"
},
{
"name": "1032756",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032756"
},
{
"name": "http://support.apple.com/kb/HT204942",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "APPLE-SA-2015-06-30-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html"
}
]
}
}

230
2015/4xxx/CVE-2015-4171.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-4171", "ID": "CVE-2015-4171",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150529 Re: StrongSwan VPN client for Android leaks username to rouge server", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/05/29/7" "lang": "eng",
}, "value": "strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses."
{ }
"name" : "[oss-security] 20150529 StrongSwan VPN client for Android leaks username to rouge server", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2015/05/29/6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20150608 Re: StrongSwan VPN client for Android leaks username to rouge server", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/06/08/4" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://play.google.com/store/apps/details?id=org.strongswan.android", ]
"refsource" : "CONFIRM", }
"url" : "https://play.google.com/store/apps/details?id=org.strongswan.android" ]
}, },
{ "references": {
"name" : "https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%2528cve-2015-4171%2529.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%2528cve-2015-4171%2529.html" "name": "1032514",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1032514"
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=933591", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=933591" "name": "https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%2528cve-2015-4171%2529.html",
}, "refsource": "CONFIRM",
{ "url": "https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%2528cve-2015-4171%2529.html"
"name" : "https://www.suse.com/security/cve/CVE-2015-4171.html", },
"refsource" : "CONFIRM", {
"url" : "https://www.suse.com/security/cve/CVE-2015-4171.html" "name": "openSUSE-SU-2015:1082",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00040.html"
"name" : "DSA-3282", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3282" "name": "[oss-security] 20150608 Re: StrongSwan VPN client for Android leaks username to rouge server",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2015/06/08/4"
"name" : "openSUSE-SU-2015:1082", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-06/msg00040.html" "name": "https://www.suse.com/security/cve/CVE-2015-4171.html",
}, "refsource": "CONFIRM",
{ "url": "https://www.suse.com/security/cve/CVE-2015-4171.html"
"name" : "USN-2628-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2628-1" "name": "[oss-security] 20150529 StrongSwan VPN client for Android leaks username to rouge server",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2015/05/29/6"
"name" : "74933", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/74933" "name": "[oss-security] 20150529 Re: StrongSwan VPN client for Android leaks username to rouge server",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2015/05/29/7"
"name" : "1032514", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032514" "name": "https://play.google.com/store/apps/details?id=org.strongswan.android",
} "refsource": "CONFIRM",
] "url": "https://play.google.com/store/apps/details?id=org.strongswan.android"
} },
} {
"name": "USN-2628-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2628-1"
},
{
"name": "DSA-3282",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3282"
},
{
"name": "74933",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74933"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=933591",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=933591"
}
]
}
}

130
2015/4xxx/CVE-2015-4857.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-4857", "ID": "CVE-2015-4857",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the RDBMS component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the RDBMS component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
{ }
"name" : "1033883", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1033883" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033883",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033883"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
}
]
}
}

160
2015/4xxx/CVE-2015-4890.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-4890", "ID": "CVE-2015-4890",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication."
{ }
"name" : "RHSA-2016:0705", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0705.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-2781-1", "description": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2781-1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "77231", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/77231" ]
}, },
{ "references": {
"name" : "1033894", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033894" "name": "1033894",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1033894"
} },
} {
"name": "USN-2781-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2781-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "RHSA-2016:0705",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0705.html"
},
{
"name": "77231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77231"
}
]
}
}

130
2015/4xxx/CVE-2015-4922.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-4922", "ID": "CVE-2015-4922",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Boot."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Boot."
{ }
"name" : "1034735", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1034735" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "1034735",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034735"
}
]
}
}

200
2015/7xxx/CVE-2015-7002.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-7002", "ID": "CVE-2015-7002",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT205370", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205370" "lang": "eng",
}, "value": "WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5."
{ }
"name" : "https://support.apple.com/HT205372", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT205372" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT205377", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205377" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2015-10-21-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2015-10-21-3", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html" "name": "APPLE-SA-2015-10-21-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"
"name" : "APPLE-SA-2015-10-21-5", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html" "name": "77267",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/77267"
"name" : "openSUSE-SU-2016:0761", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html" "name": "https://support.apple.com/HT205370",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT205370"
"name" : "77267", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/77267" "name": "openSUSE-SU-2016:0761",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"
"name" : "1033929", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033929" "name": "https://support.apple.com/HT205372",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT205372"
} },
} {
"name": "APPLE-SA-2015-10-21-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html"
},
{
"name": "APPLE-SA-2015-10-21-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html"
},
{
"name": "https://support.apple.com/HT205377",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205377"
},
{
"name": "1033929",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033929"
}
]
}
}

150
2015/7xxx/CVE-2015-7993.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-7993", "ID": "CVE-2015-7993",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to \"HTTP Login,\" aka SAP Security Note 2197397."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20151109 [Onapsis Security Advisory 2015-043] SAP HANA Remote Code Execution (HTTP Login based)", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2015/Nov/39" "lang": "eng",
}, "value": "The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to \"HTTP Login,\" aka SAP Security Note 2197397."
{ }
"name" : "http://packetstormsecurity.com/files/134286/SAP-HANA-HTTP-Login-Remote-Code-Execution.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/134286/SAP-HANA-HTTP-Login-Remote-Code-Execution.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.onapsis.com/blog/analyzing-sap-security-notes-september-2015", "description": [
"refsource" : "MISC", {
"url" : "https://www.onapsis.com/blog/analyzing-sap-security-notes-september-2015" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.onapsis.com/research/security-advisories/SAP_HANA_Remote_Code_Execution_HTTP_based", ]
"refsource" : "MISC", }
"url" : "https://www.onapsis.com/research/security-advisories/SAP_HANA_Remote_Code_Execution_HTTP_based" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://packetstormsecurity.com/files/134286/SAP-HANA-HTTP-Login-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134286/SAP-HANA-HTTP-Login-Remote-Code-Execution.html"
},
{
"name": "20151109 [Onapsis Security Advisory 2015-043] SAP HANA Remote Code Execution (HTTP Login based)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Nov/39"
},
{
"name": "https://www.onapsis.com/blog/analyzing-sap-security-notes-september-2015",
"refsource": "MISC",
"url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-september-2015"
},
{
"name": "https://www.onapsis.com/research/security-advisories/SAP_HANA_Remote_Code_Execution_HTTP_based",
"refsource": "MISC",
"url": "https://www.onapsis.com/research/security-advisories/SAP_HANA_Remote_Code_Execution_HTTP_based"
}
]
}
}

34
2015/8xxx/CVE-2015-8752.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2015-8752", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2015-8752",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
} }
] ]
} }
} }

210
2015/8xxx/CVE-2015-8805.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-8805", "ID": "CVE-2015-8805",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160202 Miscomputations of elliptic curve scalar multiplications in Nettle", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/02/02/2" "lang": "eng",
}, "value": "The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803."
{ }
"name" : "[oss-security] 20160202 Re: Miscomputations of elliptic curve scalar multiplications in Nettle", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/02/03/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html", "description": [
"refsource" : "MISC", {
"url" : "https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d", ]
"refsource" : "CONFIRM", }
"url" : "https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d" ]
}, },
{ "references": {
"name" : "RHSA-2016:2582", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2582.html" "name": "openSUSE-SU-2016:0486",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00100.html"
"name" : "openSUSE-SU-2016:0475", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00091.html" "name": "https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html",
}, "refsource": "MISC",
{ "url": "https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html"
"name" : "openSUSE-SU-2016:0477", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00093.html" "name": "openSUSE-SU-2016:0477",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00093.html"
"name" : "openSUSE-SU-2016:0486", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00100.html" "name": "https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d",
}, "refsource": "CONFIRM",
{ "url": "https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d"
"name" : "USN-2897-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2897-1" "name": "USN-2897-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2897-1"
"name" : "84272", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/84272" "name": "openSUSE-SU-2016:0475",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00091.html"
} },
} {
"name": "[oss-security] 20160202 Miscomputations of elliptic curve scalar multiplications in Nettle",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/02/2"
},
{
"name": "RHSA-2016:2582",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2582.html"
},
{
"name": "84272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84272"
},
{
"name": "[oss-security] 20160202 Re: Miscomputations of elliptic curve scalar multiplications in Nettle",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/03/1"
}
]
}
}

220
2015/8xxx/CVE-2015-8919.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-8919", "ID": "CVE-2015-8919",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160617 Many invalid memory access issues in libarchive", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/06/17/2" "lang": "eng",
}, "value": "The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file."
{ }
"name" : "[oss-security] 20160617 Re: Many invalid memory access issues in libarchive", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/06/17/5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html", "description": [
"refsource" : "MISC", {
"url" : "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/libarchive/libarchive/issues/510", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/libarchive/libarchive/issues/510" ]
}, },
{ "references": {
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" "name": "91302",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/91302"
"name" : "DSA-3657", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3657" "name": "USN-3033-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-3033-1"
"name" : "GLSA-201701-03", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201701-03" "name": "RHSA-2016:1844",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-1844.html"
"name" : "RHSA-2016:1844", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1844.html" "name": "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html",
}, "refsource": "MISC",
{ "url": "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html"
"name" : "SUSE-SU-2016:1909", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
"name" : "USN-3033-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-3033-1" "name": "SUSE-SU-2016:1909",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html"
"name" : "91302", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91302" "name": "https://github.com/libarchive/libarchive/issues/510",
} "refsource": "CONFIRM",
] "url": "https://github.com/libarchive/libarchive/issues/510"
} },
} {
"name": "[oss-security] 20160617 Many invalid memory access issues in libarchive",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/17/2"
},
{
"name": "GLSA-201701-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-03"
},
{
"name": "[oss-security] 20160617 Re: Many invalid memory access issues in libarchive",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/17/5"
},
{
"name": "DSA-3657",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3657"
}
]
}
}

132
2015/9xxx/CVE-2015-9204.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2015-9204", "ID": "CVE-2015-9204",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Mobile, Snapdragon Wear", "product_name": "Snapdragon Mobile, Snapdragon Wear",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 808, SD 810" "version_value": "MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 808, SD 810"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 808, and SD 810, if cchFriendlyName is greater than TZ_PR_MAX_NAME_LEN in function playready_leavedomain_generate_challenge(), a buffer overread occurs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Over-Read in Core."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-04-01" "lang": "eng",
}, "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 808, and SD 810, if cchFriendlyName is greater than TZ_PR_MAX_NAME_LEN in function playready_leavedomain_generate_challenge(), a buffer overread occurs."
{ }
"name" : "103671", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103671" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Buffer Over-Read in Core."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

130
2016/1xxx/CVE-2016-1294.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-1294", "ID": "CVE-2016-1294",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug ID CSCuw89094."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160115 Cisco FireSIGHT Management Center DOM-Based Cross-Site Scripting Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug ID CSCuw89094."
{ }
"name" : "1034690", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1034690" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034690",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034690"
},
{
"name": "20160115 Cisco FireSIGHT Management Center DOM-Based Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1"
}
]
}
}

120
2016/1xxx/CVE-2016-1343.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-1343", "ID": "CVE-2016-1343",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160428 Cisco Information Server XML Parser Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis" "lang": "eng",
} "value": "The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160428 Cisco Information Server XML Parser Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
}
]
}
}

140
2016/1xxx/CVE-2016-1351.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-1351", "ID": "CVE-2016-1351",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160323 Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-lisp" "lang": "eng",
}, "value": "The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279."
{ }
"name" : "1035383", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1035383" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1035384", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035384" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1035384",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035384"
},
{
"name": "1035383",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035383"
},
{
"name": "20160323 Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-lisp"
}
]
}
}

220
2016/1xxx/CVE-2016-1638.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2016-1638", "ID": "CVE-2016-1638",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html" "lang": "eng",
}, "value": "extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=585282", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=585282" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://codereview.chromium.org/1744623002", "description": [
"refsource" : "CONFIRM", {
"url" : "https://codereview.chromium.org/1744623002" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3507", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2016/dsa-3507" ]
}, },
{ "references": {
"name" : "GLSA-201603-09", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201603-09" "name": "https://code.google.com/p/chromium/issues/detail?id=585282",
}, "refsource": "CONFIRM",
{ "url": "https://code.google.com/p/chromium/issues/detail?id=585282"
"name" : "SUSE-SU-2016:0665", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html" "name": "openSUSE-SU-2016:0664",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html"
"name" : "openSUSE-SU-2016:0664", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html" "name": "openSUSE-SU-2016:0684",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html"
"name" : "openSUSE-SU-2016:0684", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html" "name": "84008",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/84008"
"name" : "openSUSE-SU-2016:0729", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html" "name": "DSA-3507",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2016/dsa-3507"
"name" : "84008", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/84008" "name": "1035185",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1035185"
"name" : "1035185", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035185" "name": "openSUSE-SU-2016:0729",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html"
} },
} {
"name": "SUSE-SU-2016:0665",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "https://codereview.chromium.org/1744623002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1744623002"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html"
}
]
}
}

220
2016/5xxx/CVE-2016-5080.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2016-5080", "ID": "CVE-2016-5080",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160719 CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/538952/100/0/threaded" "lang": "eng",
}, "value": "Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data."
{ }
"name" : "20160725 CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2016/Jul/65" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2016-0650+1.00+Kwetsbaarheid+verholpen+in+ASN1C.html", ]
"refsource" : "MISC", }
"url" : "https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2016-0650+1.00+Kwetsbaarheid+verholpen+in+ASN1C.html" ]
}, },
{ "references": {
"name" : "http://packetstormsecurity.com/files/137970/Objective-Systems-Inc.-ASN1C-For-C-C-Heap-Memory-Corruption.html", "reference_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/137970/Objective-Systems-Inc.-ASN1C-For-C-C-Heap-Memory-Corruption.html" "name": "https://source.android.com/security/bulletin/2017-01-01.html",
}, "refsource": "CONFIRM",
{ "url": "https://source.android.com/security/bulletin/2017-01-01.html"
"name" : "https://source.android.com/security/bulletin/2017-01-01.html", },
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-01-01.html" "name": "20160719 CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/538952/100/0/threaded"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" "name": "https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080",
}, "refsource": "MISC",
{ "url": "https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080"
"name" : "20160721 Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products", },
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160721-asn1c" "name": "VU#790839",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/790839"
"name" : "VU#790839", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/790839" "name": "https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2016-0650+1.00+Kwetsbaarheid+verholpen+in+ASN1C.html",
}, "refsource": "MISC",
{ "url": "https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2016-0650+1.00+Kwetsbaarheid+verholpen+in+ASN1C.html"
"name" : "91836", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91836" "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name" : "1036386", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036386" "name": "1036386",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1036386"
} },
} {
"name": "http://packetstormsecurity.com/files/137970/Objective-Systems-Inc.-ASN1C-For-C-C-Heap-Memory-Corruption.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137970/Objective-Systems-Inc.-ASN1C-For-C-C-Heap-Memory-Corruption.html"
},
{
"name": "20160725 CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jul/65"
},
{
"name": "91836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91836"
},
{
"name": "20160721 Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160721-asn1c"
}
]
}
}

290
2016/5xxx/CVE-2016-5388.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-5388", "ID": "CVE-2016-5388",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388\"; in other words, this is not a CVE ID for a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://httpoxy.org/", "description_data": [
"refsource" : "MISC", {
"url" : "https://httpoxy.org/" "lang": "eng",
}, "value": "Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388\"; in other words, this is not a CVE ID for a vulnerability."
{ }
"name" : "https://www.apache.org/security/asf-httpoxy-response.txt", ]
"refsource" : "CONFIRM", },
"url" : "https://www.apache.org/security/asf-httpoxy-response.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", ]
"refsource" : "CONFIRM", }
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149" ]
}, },
{ "references": {
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759" "name": "RHSA-2016:1635",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1635"
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", },
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us", },
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us" "name": "VU#797896",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/797896"
"name" : "https://tomcat.apache.org/tomcat-7.0-doc/changelog.html", },
"refsource" : "CONFIRM", {
"url" : "https://tomcat.apache.org/tomcat-7.0-doc/changelog.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
"name" : "RHSA-2016:2045", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2045.html" "name": "RHSA-2016:2045",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-2045.html"
"name" : "RHSA-2016:2046", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2046.html" "name": "RHSA-2016:2046",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-2046.html"
"name" : "RHSA-2016:1635", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1635" "name": "https://tomcat.apache.org/tomcat-7.0-doc/changelog.html",
}, "refsource": "CONFIRM",
{ "url": "https://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
"name" : "RHSA-2016:1636", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1636" "name": "91818",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/91818"
"name" : "RHSA-2016:1624", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1624.html" "name": "openSUSE-SU-2016:2252",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
"name" : "openSUSE-SU-2016:2252", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
"name" : "VU#797896", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/797896" "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us"
"name" : "91818", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91818" "name": "RHSA-2016:1624",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
"name" : "1036331", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036331" "name": "https://www.apache.org/security/asf-httpoxy-response.txt",
} "refsource": "CONFIRM",
] "url": "https://www.apache.org/security/asf-httpoxy-response.txt"
} },
} {
"name": "https://httpoxy.org/",
"refsource": "MISC",
"url": "https://httpoxy.org/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "1036331",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036331"
},
{
"name": "RHSA-2016:1636",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1636"
}
]
}
}

130
2016/5xxx/CVE-2016-5565.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2016-5565", "ID": "CVE-2016-5565",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality via vectors related to OPERA."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality via vectors related to OPERA."
{ }
"name" : "93766", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93766" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "93766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93766"
}
]
}
}

144
2016/5xxx/CVE-2016-5638.json
View File

@ -1,74 +1,74 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cert@cert.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2016-5638", "ID": "CVE-2016-5638",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877 reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text" "TITLE": "Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877 reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WNDR4500", "product_name": "WNDR4500",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "=", "affected": "=",
"version_name" : "V1.0.1.40_1.0.6877", "version_name": "V1.0.1.40_1.0.6877",
"version_value" : "V1.0.1.40_1.0.6877" "version_value": "V1.0.1.40_1.0.6877"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Netgear" "vendor_name": "Netgear"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-319"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html" "lang": "eng",
} "value": "There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text."
] }
}, ]
"solution" : [ },
{ "problemtype": {
"lang" : "eng", "problemtype_data": [
"value" : "Netgear has released firmware version 1.0.0.52 for DGN2200 & 1.0.0.28 for DGND3700 to address this issue." {
} "description": [
], {
"source" : { "lang": "eng",
"discovery" : "UNKNOWN" "value": "CWE-319"
} }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Netgear has released firmware version 1.0.0.52 for DGN2200 & 1.0.0.28 for DGND3700 to address this issue."
}
],
"source": {
"discovery": "UNKNOWN"
}
}

34
2018/2xxx/CVE-2018-2039.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-2039", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-2039",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
} }
] ]
} }
} }

34
2018/2xxx/CVE-2018-2318.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-2318", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-2318",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
} }
] ]
} }
} }

34
2018/2xxx/CVE-2018-2357.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-2357", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-2357",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
} }
] ]
} }
} }

356
2018/2xxx/CVE-2018-2618.json
View File

@ -1,180 +1,180 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-2618", "ID": "CVE-2018-2618",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Java", "product_name": "Java",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "Java SE: 6u171" "version_value": "Java SE: 6u171"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "7u161" "version_value": "7u161"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8u152" "version_value": "8u152"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16" "version_value": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html" "lang": "eng",
}, "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
{ }
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://security.netapp.com/advisory/ntap-20180117-0001/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://security.netapp.com/advisory/ntap-20180117-0001/" "lang": "eng",
}, "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data."
{ }
"name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", ]
"refsource" : "CONFIRM", }
"url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" ]
}, },
{ "references": {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us" "name": "RHSA-2018:0351",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0351"
"name" : "DSA-4144", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4144" "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name" : "DSA-4166", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4166" "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
"name" : "RHSA-2018:0095", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0095" "name": "USN-3614-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3614-1/"
"name" : "RHSA-2018:0099", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0099" "name": "DSA-4166",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4166"
"name" : "RHSA-2018:0100", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0100" "name": "RHSA-2018:0095",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0095"
"name" : "RHSA-2018:0115", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0115" "name": "DSA-4144",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4144"
"name" : "RHSA-2018:0349", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0349" "name": "RHSA-2018:0521",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0521"
"name" : "RHSA-2018:0351", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0351" "name": "RHSA-2018:0352",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0352"
"name" : "RHSA-2018:0352", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0352" "name": "RHSA-2018:0115",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0115"
"name" : "RHSA-2018:0458", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0458" "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
}, "refsource": "CONFIRM",
{ "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"name" : "RHSA-2018:0521", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0521" "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
"name" : "RHSA-2018:1463", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1463" "name": "RHSA-2018:1812",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:1812"
"name" : "RHSA-2018:1812", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1812" "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us",
}, "refsource": "CONFIRM",
{ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us"
"name" : "USN-3613-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3613-1/" "name": "102612",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/102612"
"name" : "USN-3614-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3614-1/" "name": "RHSA-2018:0099",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0099"
"name" : "102612", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102612" "name": "RHSA-2018:1463",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:1463"
"name" : "1040203", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040203" "name": "RHSA-2018:0458",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2018:0458"
} },
} {
"name": "RHSA-2018:0349",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0349"
},
{
"name": "1040203",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040203"
},
{
"name": "USN-3613-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3613-1/"
},
{
"name": "RHSA-2018:0100",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0100"
}
]
}
}

180
2018/2xxx/CVE-2018-2627.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-2627", "ID": "CVE-2018-2627",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to the Windows installer only. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" "lang": "eng",
}, "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to the Windows installer only. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20180117-0001/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20180117-0001/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "description": [
"refsource" : "CONFIRM", {
"url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2018:0099", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:0099" ]
}, },
{ "references": {
"name" : "RHSA-2018:1463", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1463" "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name" : "102584", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102584" "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
"name" : "1040203", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040203" "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
} "refsource": "CONFIRM",
] "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
} },
} {
"name": "RHSA-2018:0099",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0099"
},
{
"name": "RHSA-2018:1463",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1463"
},
{
"name": "102584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102584"
},
{
"name": "1040203",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040203"
}
]
}
}

182
2018/2xxx/CVE-2018-2779.json
View File

@ -1,93 +1,93 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-2779", "ID": "CVE-2018-2779",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Server", "product_name": "MySQL Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.7.21 and prior" "version_value": "5.7.21 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20180419-0002/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20180419-0002/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:3655", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3655" "lang": "eng",
}, "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
{ }
"name" : "USN-3629-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3629-1/" ]
}, },
{ "references": {
"name" : "USN-3629-3", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3629-3/" "name": "1040698",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1040698"
"name" : "103787", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103787" "name": "https://security.netapp.com/advisory/ntap-20180419-0002/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20180419-0002/"
"name" : "1040698", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040698" "name": "RHSA-2018:3655",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2018:3655"
} },
} {
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "USN-3629-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3629-1/"
},
{
"name": "103787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103787"
},
{
"name": "USN-3629-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3629-3/"
}
]
}
}

34
2019/0xxx/CVE-2019-0198.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-0198", "ID": "CVE-2019-0198",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

400
2019/0xxx/CVE-2019-0265.json
View File

@ -1,202 +1,202 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cna@sap.com", "ASSIGNER": "cna@sap.com",
"ID" : "CVE-2019-0265", "ID": "CVE-2019-0265",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ABAP Platform (KRNL32NUC)", "product_name": "ABAP Platform (KRNL32NUC)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.21" "version_value": "7.21"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.21EXT" "version_value": "7.21EXT"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.22" "version_value": "7.22"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.22EXT" "version_value": "7.22EXT"
} }
] ]
} }
}, },
{ {
"product_name" : "ABAP Platform (KRNL32UC)", "product_name": "ABAP Platform (KRNL32UC)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.21" "version_value": "7.21"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.21EXT" "version_value": "7.21EXT"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.22" "version_value": "7.22"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.22EXT" "version_value": "7.22EXT"
} }
] ]
} }
}, },
{ {
"product_name" : "ABAP Platform (KRNL64NUC)", "product_name": "ABAP Platform (KRNL64NUC)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.21" "version_value": "7.21"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.21EXT" "version_value": "7.21EXT"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.22" "version_value": "7.22"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.22EXT" "version_value": "7.22EXT"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.49" "version_value": "7.49"
} }
] ]
} }
}, },
{ {
"product_name" : "ABAP Platform (KRNL64UC)", "product_name": "ABAP Platform (KRNL64UC)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.21" "version_value": "7.21"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.21EXT" "version_value": "7.21EXT"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.22" "version_value": "7.22"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.22EXT" "version_value": "7.22EXT"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.49" "version_value": "7.49"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.73" "version_value": "7.73"
} }
] ]
} }
}, },
{ {
"product_name" : "ABAP Platform (KERNEL)", "product_name": "ABAP Platform (KERNEL)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "from 7.21 to 7.22" "version_value": "from 7.21 to 7.22"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.45" "version_value": "7.45"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.49" "version_value": "7.49"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.53" "version_value": "7.53"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.73" "version_value": "7.73"
}, },
{ {
"version_name" : "<", "version_name": "<",
"version_value" : "7.75" "version_value": "7.75"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "SAP SE" "vendor_name": "SAP SE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://launchpad.support.sap.com/#/notes/2729710", "description_data": [
"refsource" : "MISC", {
"url" : "https://launchpad.support.sap.com/#/notes/2729710" "lang": "eng",
}, "value": "SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75."
{ }
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943", ]
"refsource" : "MISC", },
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "106972", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106972" "lang": "eng",
}, "value": "Denial of Service"
{ }
"name" : "107364", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/107364" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
},
{
"name": "106972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106972"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2729710",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2729710"
},
{
"name": "107364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107364"
}
]
}
}

34
2019/0xxx/CVE-2019-0466.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-0466", "ID": "CVE-2019-0466",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/0xxx/CVE-2019-0828.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-0828", "ID": "CVE-2019-0828",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/1xxx/CVE-2019-1262.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-1262", "ID": "CVE-2019-1262",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/1xxx/CVE-2019-1856.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-1856", "ID": "CVE-2019-1856",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/1xxx/CVE-2019-1946.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-1946", "ID": "CVE-2019-1946",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/1xxx/CVE-2019-1978.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-1978", "ID": "CVE-2019-1978",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/4xxx/CVE-2019-4181.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-4181", "ID": "CVE-2019-4181",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/4xxx/CVE-2019-4414.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-4414", "ID": "CVE-2019-4414",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/4xxx/CVE-2019-4737.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-4737", "ID": "CVE-2019-4737",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/4xxx/CVE-2019-4888.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-4888", "ID": "CVE-2019-4888",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5151.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5151", "ID": "CVE-2019-5151",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5233.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5233", "ID": "CVE-2019-5233",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5661.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5661", "ID": "CVE-2019-5661",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5804.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5804", "ID": "CVE-2019-5804",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/9xxx/CVE-2019-9806.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-9806", "ID": "CVE-2019-9806",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }