admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:15:47 +00:00
parent dfe827e47c
commit 9b8e49234a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
70 changed files with 3868 additions and 3868 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
1999/0xxx/CVE-1999-0785.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-0785", "ID": "CVE-1999-0785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The INN inndstart program allows local users to gain root privileges via the \"pathrun\" parameter in the inn.conf file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "254", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/254" "lang": "eng",
} "value": "The INN inndstart program allows local users to gain root privileges via the \"pathrun\" parameter in the inn.conf file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/254"
}
]
}
}

120
1999/0xxx/CVE-1999-0857.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-0857", "ID": "CVE-1999-0857",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FreeBSD gdc program allows local users to modify files via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "835", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/835" "lang": "eng",
} "value": "FreeBSD gdc program allows local users to modify files via a symlink attack."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "835",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/835"
}
]
}
}

150
1999/1xxx/CVE-1999-1085.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1085", "ID": "CVE-1999-1085",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the \"SSH insertion attack.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "19980612 CORE-SDI-04: SSH insertion attack", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=90221103125884&w=2" "lang": "eng",
}, "value": "SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the \"SSH insertion attack.\""
{ }
"name" : "19980703 UPDATE: SSH insertion attack", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=90221104525878&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#13877", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/13877" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ssh-insert(1126)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/1126.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "19980703 UPDATE: SSH insertion attack",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=90221104525878&w=2"
},
{
"name": "ssh-insert(1126)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/1126.php"
},
{
"name": "VU#13877",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/13877"
},
{
"name": "19980612 CORE-SDI-04: SSH insertion attack",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=90221103125884&w=2"
}
]
}
}

150
1999/1xxx/CVE-1999-1098.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1098", "ID": "CVE-1999-1098",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "CA-1995-03", "description_data": [
"refsource" : "CERT", {
"url" : "http://www.cert.org/advisories/CA-1995-03.html" "lang": "eng",
}, "value": "Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing."
{ }
"name" : "F-12", ]
"refsource" : "CIAC", },
"url" : "http://www.ciac.org/ciac/bulletins/f-12.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "bsd-telnet(516)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/516.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4881", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/4881" ]
} },
] "references": {
} "reference_data": [
} {
"name": "bsd-telnet(516)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/516.php"
},
{
"name": "4881",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4881"
},
{
"name": "F-12",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/f-12.shtml"
},
{
"name": "CA-1995-03",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-1995-03.html"
}
]
}
}

120
1999/1xxx/CVE-1999-1357.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1357", "ID": "CVE-1999-1357",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a \"<\" sign, and the 0x9b character to a \">\" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "19991005 Time to update those CGIs again", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=93915331626185&w=2" "lang": "eng",
} "value": "Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a \"<\" sign, and the 0x9b character to a \">\" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19991005 Time to update those CGIs again",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=93915331626185&w=2"
}
]
}
}

170
1999/1xxx/CVE-1999-1486.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1486", "ID": "CVE-1999-1486",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info" "lang": "eng",
}, "value": "sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack."
{ }
"name" : "IX75554", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IX75554&apar=only" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IX76853", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IX76853&apar=only" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "IX76330", ]
"refsource" : "AIXAPAR", }
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IX76330&apar=only" ]
}, },
{ "references": {
"name" : "408", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/408" "name": "http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info",
}, "refsource": "CONFIRM",
{ "url": "http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info"
"name" : "aix-sadc-timex(7675)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7675" "name": "IX75554",
} "refsource": "AIXAPAR",
] "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IX75554&apar=only"
} },
} {
"name": "IX76330",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IX76330&apar=only"
},
{
"name": "408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/408"
},
{
"name": "aix-sadc-timex(7675)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7675"
},
{
"name": "IX76853",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IX76853&apar=only"
}
]
}
}

140
2000/0xxx/CVE-2000-0154.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0154", "ID": "CVE-2000-0154",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000215 ARCserve symlink vulnerability", "description_data": [
"refsource" : "NAI", {
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000101bf78af$94528870$4d2f45a1@jmagdych.na.nai.com" "lang": "eng",
}, "value": "The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack."
{ }
"name" : "988", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/988" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.sco.com/security/", "description": [
"refsource" : "MISC", {
"url" : "http://www.sco.com/security/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.sco.com/security/",
"refsource": "MISC",
"url": "http://www.sco.com/security/"
},
{
"name": "20000215 ARCserve symlink vulnerability",
"refsource": "NAI",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000101bf78af$94528870$4d2f45a1@jmagdych.na.nai.com"
},
{
"name": "988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/988"
}
]
}
}

120
2000/0xxx/CVE-2000-0216.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0216", "ID": "CVE-2000-0216",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000229 mailbombing DoS easily exploitable against mail systems using MS mail clients.", "description_data": [
"refsource" : "NTBUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0176.html" "lang": "eng",
} "value": "Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000229 mailbombing DoS easily exploitable against mail systems using MS mail clients.",
"refsource": "NTBUGTRAQ",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0176.html"
}
]
}
}

140
2000/0xxx/CVE-2000-0260.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0260", "ID": "CVE-2000-0260",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the \"Link View Server-Side Component\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS00-025", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-025" "lang": "eng",
}, "value": "Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the \"Link View Server-Side Component\" vulnerability."
{ }
"name" : "1109", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/1109" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "282", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/282" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS00-025",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-025"
},
{
"name": "1109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1109"
},
{
"name": "282",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/282"
}
]
}
}

140
2000/0xxx/CVE-2000-0505.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0505", "ID": "CVE-2000-0505",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000603 Re: IBM HTTP SERVER / APACHE", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.20.0006031912360.45740-100000@alive.znep.com" "lang": "eng",
}, "value": "The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters."
{ }
"name" : "1284", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/1284" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ibm-http-file-retrieve(4575)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4575" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "ibm-http-file-retrieve(4575)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4575"
},
{
"name": "20000603 Re: IBM HTTP SERVER / APACHE",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.20.0006031912360.45740-100000@alive.znep.com"
},
{
"name": "1284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1284"
}
]
}
}

140
2000/0xxx/CVE-2000-0583.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0583", "ID": "CVE-2000-0583",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000626 vpopmail-3.4.11 problems", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7@secureaustin.com" "lang": "eng",
}, "value": "vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives."
{ }
"name" : "http://www.vpopmail.cx/vpopmail-ChangeLog", ]
"refsource" : "CONFIRM", },
"url" : "http://www.vpopmail.cx/vpopmail-ChangeLog" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1418", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/1418" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.vpopmail.cx/vpopmail-ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.vpopmail.cx/vpopmail-ChangeLog"
},
{
"name": "1418",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1418"
},
{
"name": "20000626 vpopmail-3.4.11 problems",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7@secureaustin.com"
}
]
}
}

130
2000/0xxx/CVE-2000-0681.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0681", "ID": "CVE-2000-0681",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000815 BEA Weblogic server proxy library vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0186.html" "lang": "eng",
}, "value": "Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension."
{ }
"name" : "1570", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/1570" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000815 BEA Weblogic server proxy library vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0186.html"
},
{
"name": "1570",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1570"
}
]
}
}

130
2000/0xxx/CVE-2000-0771.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0771", "ID": "CVE-2000-0771",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the \"Local Security Policy Corruption\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS00-062", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-062" "lang": "eng",
}, "value": "Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the \"Local Security Policy Corruption\" vulnerability."
{ }
"name" : "1613", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/1613" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS00-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-062"
},
{
"name": "1613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1613"
}
]
}
}

150
2000/0xxx/CVE-2000-0799.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0799", "ID": "CVE-2000-0799",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000802 [LSD] some unpublished LSD exploit codes", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl" "lang": "eng",
}, "value": "inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file."
{ }
"name" : "20001101-01-I", ]
"refsource" : "SGI", },
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20001101-01-I" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1530", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/1530" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "irix-inpview-symlink(5065)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5065" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20001101-01-I",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20001101-01-I"
},
{
"name": "20000802 [LSD] some unpublished LSD exploit codes",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl"
},
{
"name": "1530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1530"
},
{
"name": "irix-inpview-symlink(5065)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5065"
}
]
}
}

140
2000/1xxx/CVE-2000-1024.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-1024", "ID": "CVE-2000-1024",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20001101 Unify eWave ServletExec upload", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=97306581513537&w=2" "lang": "eng",
}, "value": "eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands."
{ }
"name" : "1876", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/1876" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ewave-servletexec-file-upload(5450)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5450" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "ewave-servletexec-file-upload(5450)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5450"
},
{
"name": "1876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1876"
},
{
"name": "20001101 Unify eWave ServletExec upload",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=97306581513537&w=2"
}
]
}
}

130
2000/1xxx/CVE-2000-1128.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-1128", "ID": "CVE-2000-1128",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse \"common.exe\" program in the C:\\Program Files directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20001103 Elevation of Privileges Exploit with McAfee VirusScan 4.5", "description_data": [
"refsource" : "NTBUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0073.html" "lang": "eng",
}, "value": "The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse \"common.exe\" program in the C:\\Program Files directory."
{ }
"name" : "1920", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/1920" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1920",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1920"
},
{
"name": "20001103 Elevation of Privileges Exploit with McAfee VirusScan 4.5",
"refsource": "NTBUGTRAQ",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0073.html"
}
]
}
}

160
2005/2xxx/CVE-2005-2986.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2986", "ID": "CVE-2005-2986",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, V3Net for Windows Server 6.0 Build 6.0.0.383 does not properly validate the source of the DeviceIoControl commands, which allows remote attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050919 Secunia Research: Ahnlab V3 Antivirus Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112680062609377&w=2" "lang": "eng",
}, "value": "The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, V3Net for Windows Server 6.0 Build 6.0.0.383 does not properly validate the source of the DeviceIoControl commands, which allows remote attackers to gain privileges."
{ }
"name" : "http://info.ahnlab.com/english/advisory/01.html", ]
"refsource" : "CONFIRM", },
"url" : "http://info.ahnlab.com/english/advisory/01.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "14847", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14847" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15674", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/15674/" ]
}, },
{ "references": {
"name" : "ahnlab-v3flt2k-gain-privilege(22297)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22297" "name": "20050919 Secunia Research: Ahnlab V3 Antivirus Multiple Vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=112680062609377&w=2"
} },
} {
"name": "http://info.ahnlab.com/english/advisory/01.html",
"refsource": "CONFIRM",
"url": "http://info.ahnlab.com/english/advisory/01.html"
},
{
"name": "ahnlab-v3flt2k-gain-privilege(22297)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22297"
},
{
"name": "14847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14847"
},
{
"name": "15674",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15674/"
}
]
}
}

170
2007/1xxx/CVE-2007-1137.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-1137", "ID": "CVE-2007-1137",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://putmail.sourceforge.net/home.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://putmail.sourceforge.net/home.html" "lang": "eng",
}, "value": "putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information."
{ }
"name" : "22718", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/22718" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-0753", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/0753" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33764", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/33764" ]
}, },
{ "references": {
"name" : "24266", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24266" "name": "ADV-2007-0753",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/0753"
"name" : "putmail-tls-password-plaintext(32689)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32689" "name": "putmail-tls-password-plaintext(32689)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32689"
} },
} {
"name": "22718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22718"
},
{
"name": "http://putmail.sourceforge.net/home.html",
"refsource": "CONFIRM",
"url": "http://putmail.sourceforge.net/home.html"
},
{
"name": "24266",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24266"
},
{
"name": "33764",
"refsource": "OSVDB",
"url": "http://osvdb.org/33764"
}
]
}
}

150
2007/1xxx/CVE-2007-1241.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-1241", "ID": "CVE-2007-1241",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/22728.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/22728.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "22728", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/22728" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35994", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/35994" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "audins-setup-xss(32839)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32839" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/22728.html",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/22728.html"
},
{
"name": "35994",
"refsource": "OSVDB",
"url": "http://osvdb.org/35994"
},
{
"name": "audins-setup-xss(32839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32839"
},
{
"name": "22728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22728"
}
]
}
}

120
2007/1xxx/CVE-2007-1572.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-1572", "ID": "CVE-2007-1572",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ADV-2007-0940", "description_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/0940" "lang": "eng",
} "value": "SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0940",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0940"
}
]
}
}

150
2007/5xxx/CVE-2007-5159.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-5159", "ID": "CVE-2007-5159",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[fedora-desktop-list] 20070918 Re: fuse (Was Re: early-gdm redux)", "description_data": [
"refsource" : "MLIST", {
"url" : "https://www.redhat.com/archives/fedora-desktop-list/2007-September/msg00163.html" "lang": "eng",
}, "value": "The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=298651", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=298651" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2007-2295", "description": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00368.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26938", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/26938" ]
} },
] "references": {
} "reference_data": [
} {
"name": "FEDORA-2007-2295",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00368.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=298651",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=298651"
},
{
"name": "[fedora-desktop-list] 20070918 Re: fuse (Was Re: early-gdm redux)",
"refsource": "MLIST",
"url": "https://www.redhat.com/archives/fedora-desktop-list/2007-September/msg00163.html"
},
{
"name": "26938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26938"
}
]
}
}

180
2007/5xxx/CVE-2007-5956.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-5956", "ID": "CVE-2007-5956",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20071109 IBM Informix Dynamic Server DBLANG Directory Traversal Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=624" "lang": "eng",
}, "value": "Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable."
{ }
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27011082", ]
"refsource" : "CONFIRM", },
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27011082" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IC54252", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54252" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26363", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/26363" ]
}, },
{ "references": {
"name" : "ADV-2007-3757", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3757" "name": "27542",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27542"
"name" : "27542", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27542" "name": "20071109 IBM Informix Dynamic Server DBLANG Directory Traversal Vulnerability",
}, "refsource": "IDEFENSE",
{ "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=624"
"name" : "ibm-ids-dblang-directory-traversal(38297)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38297" "name": "26363",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/26363"
} },
} {
"name": "IC54252",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54252"
},
{
"name": "ADV-2007-3757",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3757"
},
{
"name": "ibm-ids-dblang-directory-traversal(38297)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38297"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg27011082",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011082"
}
]
}
}

160
2015/3xxx/CVE-2015-3215.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-3215", "ID": "CVE-2015-3215",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.redhat.com/security/data/cve/CVE-2015-3215.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.redhat.com/security/data/cve/CVE-2015-3215.html" "lang": "eng",
}, "value": "The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options."
{ }
"name" : "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2015:1043", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1043.html" ]
}, },
{ "references": {
"name" : "RHSA-2015:1044", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1044.html" "name": "RHSA-2015:1044",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2015-1044.html"
} },
} {
"name": "https://www.redhat.com/security/data/cve/CVE-2015-3215.html",
"refsource": "MISC",
"url": "https://www.redhat.com/security/data/cve/CVE-2015-3215.html"
},
{
"name": "RHSA-2015:1043",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1043.html"
},
{
"name": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238",
"refsource": "CONFIRM",
"url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238"
},
{
"name": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1",
"refsource": "CONFIRM",
"url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1"
}
]
}
}

34
2015/3xxx/CVE-2015-3399.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-3399", "ID": "CVE-2015-3399",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2015/3xxx/CVE-2015-3781.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-3781", "ID": "CVE-2015-3781",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/kb/HT205031", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/kb/HT205031" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search."
{ }
"name" : "APPLE-SA-2015-08-13-2", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "76340", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76340" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1033276", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1033276" ]
} },
] "references": {
} "reference_data": [
} {
"name": "76340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76340"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "1033276",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033276"
}
]
}
}

34
2015/3xxx/CVE-2015-3817.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-3817", "ID": "CVE-2015-3817",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2015/4xxx/CVE-2015-4035.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-4035", "ID": "CVE-2015-4035",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150518 CVE request: xzgrep 4.999.9beta arbitrary code execution vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2015/q2/484" "lang": "eng",
}, "value": "scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name."
{ }
"name" : "[oss-security] 20150519 Re: CVE request: xzgrep 4.999.9beta arbitrary code execution vulnerability", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2015/05/19/13" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1223341", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1223341" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://git.tukaani.org/?p=xz.git;a=commitdiff;h=f4b2b52624b802c786e4e2a8eb6895794dd93b24", ]
"refsource" : "CONFIRM", }
"url" : "https://git.tukaani.org/?p=xz.git;a=commitdiff;h=f4b2b52624b802c786e4e2a8eb6895794dd93b24" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[oss-security] 20150518 CVE request: xzgrep 4.999.9beta arbitrary code execution vulnerability",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q2/484"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1223341",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223341"
},
{
"name": "https://git.tukaani.org/?p=xz.git;a=commitdiff;h=f4b2b52624b802c786e4e2a8eb6895794dd93b24",
"refsource": "CONFIRM",
"url": "https://git.tukaani.org/?p=xz.git;a=commitdiff;h=f4b2b52624b802c786e4e2a8eb6895794dd93b24"
},
{
"name": "[oss-security] 20150519 Re: CVE request: xzgrep 4.999.9beta arbitrary code execution vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/19/13"
}
]
}
}

34
2015/7xxx/CVE-2015-7163.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2015-7163", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2015-7163",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
} }
] ]
} }
} }

140
2015/7xxx/CVE-2015-7255.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2015-7255", "ID": "CVE-2015-7255",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93" "lang": "eng",
}, "value": "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device."
{ }
"name" : "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR", ]
"refsource" : "MISC", },
"url" : "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#566724", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/566724" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#566724",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93",
"refsource": "MISC",
"url": "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93"
},
{
"name": "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR"
}
]
}
}

130
2015/7xxx/CVE-2015-7785.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2015-7785", "ID": "CVE-2015-7785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GANMA! App for iOS does not verify SSL certificates."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#44541100", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN44541100/index.html" "lang": "eng",
}, "value": "GANMA! App for iOS does not verify SSL certificates."
{ }
"name" : "JVNDB-2015-000191", ]
"refsource" : "JVNDB", },
"url" : "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000191.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#44541100",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN44541100/index.html"
},
{
"name": "JVNDB-2015-000191",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000191.html"
}
]
}
}

34
2015/8xxx/CVE-2015-8526.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2015-8526", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2015-8526",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
} }
] ]
} }
} }

34
2015/8xxx/CVE-2015-8573.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2015-8573", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2015-8573",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
} }
] ]
} }
} }

34
2015/8xxx/CVE-2015-8689.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-8689", "ID": "CVE-2015-8689",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2015/8xxx/CVE-2015-8849.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-8849", "ID": "CVE-2015-8849",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

180
2015/8xxx/CVE-2015-8915.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-8915", "ID": "CVE-2015-8915",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160617 Many invalid memory access issues in libarchive", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/06/17/2" "lang": "eng",
}, "value": "bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file."
{ }
"name" : "[oss-security] 20160617 Re: Many invalid memory access issues in libarchive", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/06/17/5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update", "description": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html", ]
"refsource" : "MISC", }
"url" : "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html" ]
}, },
{ "references": {
"name" : "https://github.com/libarchive/libarchive/issues/503", "reference_data": [
"refsource" : "MISC", {
"url" : "https://github.com/libarchive/libarchive/issues/503" "name": "https://github.com/libarchive/libarchive/issues/503",
}, "refsource": "MISC",
{ "url": "https://github.com/libarchive/libarchive/issues/503"
"name" : "GLSA-201701-03", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201701-03" "name": "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html",
}, "refsource": "MISC",
{ "url": "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html"
"name" : "91298", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91298" "name": "[debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update",
} "refsource": "MLIST",
] "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html"
} },
} {
"name": "[oss-security] 20160617 Many invalid memory access issues in libarchive",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/17/2"
},
{
"name": "GLSA-201701-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-03"
},
{
"name": "[oss-security] 20160617 Re: Many invalid memory access issues in libarchive",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/17/5"
},
{
"name": "91298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91298"
}
]
}
}

132
2015/9xxx/CVE-2015-9131.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2015-9131", "ID": "CVE-2015-9131",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Mobile", "product_name": "Snapdragon Mobile",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, SD 810" "version_value": "SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, SD 810"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, lack of input validation in qsee can lead to unauthorized memory access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted Pointer Dereference in Core"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-04-01" "lang": "eng",
}, "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, lack of input validation in qsee can lead to unauthorized memory access."
{ }
"name" : "103671", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103671" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Untrusted Pointer Dereference in Core"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

34
2015/9xxx/CVE-2015-9154.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-9154", "ID": "CVE-2015-9154",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2016/0xxx/CVE-2016-0120.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-0120", "ID": "CVE-2016-0120",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka \"OpenType Font Parsing Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "39561", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/39561/" "lang": "eng",
}, "value": "The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka \"OpenType Font Parsing Vulnerability.\""
{ }
"name" : "MS16-026", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-026" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "84071", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/84071" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1035198", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1035198" ]
} },
] "references": {
} "reference_data": [
} {
"name": "MS16-026",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-026"
},
{
"name": "1035198",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035198"
},
{
"name": "84071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84071"
},
{
"name": "39561",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39561/"
}
]
}
}

220
2016/1xxx/CVE-2016-1633.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2016-1633", "ID": "CVE-2016-1633",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=572537", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=572537" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3507", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3507" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201603-09", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201603-09" ]
}, },
{ "references": {
"name" : "SUSE-SU-2016:0665", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html" "name": "openSUSE-SU-2016:0664",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html"
"name" : "openSUSE-SU-2016:0664", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html" "name": "openSUSE-SU-2016:0684",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html"
"name" : "openSUSE-SU-2016:0684", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html" "name": "84008",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/84008"
"name" : "openSUSE-SU-2016:0729", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html" "name": "DSA-3507",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2016/dsa-3507"
"name" : "USN-2920-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2920-1" "name": "1035185",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1035185"
"name" : "84008", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/84008" "name": "openSUSE-SU-2016:0729",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html"
"name" : "1035185", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035185" "name": "SUSE-SU-2016:0665",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html"
} },
} {
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "USN-2920-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2920-1"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=572537",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=572537"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html"
}
]
}
}

230
2016/1xxx/CVE-2016-1689.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2016-1689", "ID": "CVE-2016-1689",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site."
{ }
"name" : "https://codereview.chromium.org/1918073003", ]
"refsource" : "CONFIRM", },
"url" : "https://codereview.chromium.org/1918073003" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://crbug.com/606185", "description": [
"refsource" : "CONFIRM", {
"url" : "https://crbug.com/606185" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3590", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2016/dsa-3590" ]
}, },
{ "references": {
"name" : "GLSA-201607-07", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201607-07" "name": "https://codereview.chromium.org/1918073003",
}, "refsource": "CONFIRM",
{ "url": "https://codereview.chromium.org/1918073003"
"name" : "RHSA-2016:1190", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1190" "name": "90876",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/90876"
"name" : "openSUSE-SU-2016:1430", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" "name": "https://crbug.com/606185",
}, "refsource": "CONFIRM",
{ "url": "https://crbug.com/606185"
"name" : "openSUSE-SU-2016:1433", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" "name": "openSUSE-SU-2016:1496",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
"name" : "openSUSE-SU-2016:1496", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" "name": "1035981",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1035981"
"name" : "USN-2992-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2992-1" "name": "DSA-3590",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2016/dsa-3590"
"name" : "90876", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/90876" "name": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html"
"name" : "1035981", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035981" "name": "USN-2992-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-2992-1"
} },
} {
"name": "openSUSE-SU-2016:1430",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html"
},
{
"name": "RHSA-2016:1190",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1190"
},
{
"name": "GLSA-201607-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-07"
},
{
"name": "openSUSE-SU-2016:1433",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html"
}
]
}
}

210
2016/1xxx/CVE-2016-1755.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2016-1755", "ID": "CVE-2016-1755",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "39614", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/39614/" "lang": "eng",
}, "value": "The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754."
{ }
"name" : "https://support.apple.com/HT206166", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT206166" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT206167", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT206167" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT206168", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT206168" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT206169", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT206169" "name": "APPLE-SA-2016-03-21-5",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
"name" : "APPLE-SA-2016-03-21-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html" "name": "https://support.apple.com/HT206167",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT206167"
"name" : "APPLE-SA-2016-03-21-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html" "name": "https://support.apple.com/HT206168",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT206168"
"name" : "APPLE-SA-2016-03-21-3", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html" "name": "1035353",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1035353"
"name" : "APPLE-SA-2016-03-21-5", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" "name": "39614",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/39614/"
"name" : "1035353", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035353" "name": "APPLE-SA-2016-03-21-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
} },
} {
"name": "APPLE-SA-2016-03-21-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"name": "APPLE-SA-2016-03-21-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
},
{
"name": "https://support.apple.com/HT206169",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206169"
},
{
"name": "https://support.apple.com/HT206166",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206166"
}
]
}
}

170
2016/1xxx/CVE-2016-1785.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2016-1785", "ID": "CVE-2016-1785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160331 WebKitGTK+ Security Advisory WSA-2016-0003", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/537948/100/0/threaded" "lang": "eng",
}, "value": "The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site."
{ }
"name" : "https://support.apple.com/HT206166", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT206166" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT206171", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT206171" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2016-03-21-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2016-03-21-6", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html" "name": "APPLE-SA-2016-03-21-6",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"
"name" : "1035353", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035353" "name": "1035353",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1035353"
} },
} {
"name": "APPLE-SA-2016-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
},
{
"name": "20160331 WebKitGTK+ Security Advisory WSA-2016-0003",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537948/100/0/threaded"
},
{
"name": "https://support.apple.com/HT206171",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206171"
},
{
"name": "https://support.apple.com/HT206166",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206166"
}
]
}
}

130
2016/1xxx/CVE-2016-1995.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-1995", "ID": "CVE-2016-1995",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" "lang": "eng",
}, "value": "HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors."
{ }
"name" : "1035325", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1035325" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035325",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035325"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
}
]
}
}

150
2016/5xxx/CVE-2016-5063.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2016-5063", "ID": "CVE-2016-5063",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43902", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43902/" "lang": "eng",
}, "value": "The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors."
{ }
"name" : "43934", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/43934/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://docs.bmc.com/docs/display/bsa87/Notification+of+Windows+RSCD+Agent+vulnerability+in+BMC+Server+Automation+CVE-2016-5063", "description": [
"refsource" : "CONFIRM", {
"url" : "https://docs.bmc.com/docs/display/bsa87/Notification+of+Windows+RSCD+Agent+vulnerability+in+BMC+Server+Automation+CVE-2016-5063" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "93948", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/93948" ]
} },
] "references": {
} "reference_data": [
} {
"name": "93948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93948"
},
{
"name": "43934",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43934/"
},
{
"name": "https://docs.bmc.com/docs/display/bsa87/Notification+of+Windows+RSCD+Agent+vulnerability+in+BMC+Server+Automation+CVE-2016-5063",
"refsource": "CONFIRM",
"url": "https://docs.bmc.com/docs/display/bsa87/Notification+of+Windows+RSCD+Agent+vulnerability+in+BMC+Server+Automation+CVE-2016-5063"
},
{
"name": "43902",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43902/"
}
]
}
}

120
2016/5xxx/CVE-2016-5077.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cert@cert.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2016-5077", "ID": "CVE-2016-5077",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Netikus EventSentry before 3.2.1.44", "product_name": "Netikus EventSentry before 3.2.1.44",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Netikus EventSentry before 3.2.1.44" "version_value": "Netikus EventSentry before 3.2.1.44"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Netikus EventSentry before 3.2.1.44 has XSS via SNMP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XSS"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2", "description_data": [
"refsource" : "MISC", {
"url" : "https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2" "lang": "eng",
} "value": "Netikus EventSentry before 3.2.1.44 has XSS via SNMP."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2"
}
]
}
}

142
2016/5xxx/CVE-2016-5528.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2016-5528", "ID": "CVE-2016-5528",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "GlassFish Server", "product_name": "GlassFish Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.1.1" "version_value": "2.1.1"
}, },
{ {
"version_value" : "3.0.1" "version_value": "3.0.1"
}, },
{ {
"version_value" : "3.1.2" "version_value": "3.1.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts)."
{ }
"name" : "95478", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95478" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "95478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95478"
}
]
}
}

34
2016/5xxx/CVE-2016-5724.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-5724", "ID": "CVE-2016-5724",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2018/2xxx/CVE-2018-2400.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cna@sap.com", "ASSIGNER": "cna@sap.com",
"ID" : "CVE-2018-2400", "ID": "CVE-2018-2400",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Under certain conditions SAP Business Process Automation (BPA) By Redwood, 9.00, 9.10, allows an attacker to access information which would otherwise be restricted."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/" "lang": "eng",
}, "value": "Under certain conditions SAP Business Process Automation (BPA) By Redwood, 9.00, 9.10, allows an attacker to access information which would otherwise be restricted."
{ }
"name" : "https://launchpad.support.sap.com/#/notes/2596535", ]
"refsource" : "CONFIRM", },
"url" : "https://launchpad.support.sap.com/#/notes/2596535" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "103375", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103375" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2596535",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2596535"
},
{
"name": "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/"
},
{
"name": "103375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103375"
}
]
}
}

166
2018/2xxx/CVE-2018-2620.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-2620", "ID": "CVE-2018-2620",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Primavera Unifier", "product_name": "Primavera Unifier",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "10.x" "version_value": "10.x"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "15.x" "version_value": "15.x"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "16.x" "version_value": "16.x"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "17.x" "version_value": "17.x"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Platform). Supported versions that are affected are 10.x, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data as well as unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data as well as unauthorized access to critical data or complete access to all Primavera Unifier accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" "lang": "eng",
}, "value": "Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Platform). Supported versions that are affected are 10.x, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data as well as unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
{ }
"name" : "102583", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102583" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040213", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040213" "lang": "eng",
} "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data as well as unauthorized access to critical data or complete access to all Primavera Unifier accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "1040213",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040213"
},
{
"name": "102583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102583"
}
]
}
}

142
2018/2xxx/CVE-2018-2806.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-2806", "ID": "CVE-2018-2806",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Outside In Technology", "product_name": "Outside In Technology",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.5.3" "version_value": "8.5.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)."
{ }
"name" : "103816", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103816" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040695", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040695" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "103816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103816"
},
{
"name": "1040695",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040695"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
}
]
}
}

172
2018/2xxx/CVE-2018-2881.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-2881", "ID": "CVE-2018-2881",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MICROS Retail-J", "product_name": "MICROS Retail-J",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "11.0.x" "version_value": "11.0.x"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.0.x" "version_value": "12.0.x"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.x" "version_value": "12.1.x"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.1.x" "version_value": "12.1.1.x"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.2.x" "version_value": "12.1.2.x"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "13.1.x" "version_value": "13.1.x"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database). Supported versions that are affected are 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "lang": "eng",
}, "value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database). Supported versions that are affected are 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
{ }
"name" : "104822", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104822" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104822"
}
]
}
}

306
2018/2xxx/CVE-2018-2940.json
View File

@ -1,155 +1,155 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-2940", "ID": "CVE-2018-2940",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Java", "product_name": "Java",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "Java SE: 6u191" "version_value": "Java SE: 6u191"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "7u181" "version_value": "7u181"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8u172" "version_value": "8u172"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "10.0.1; Java SE Embedded: 8u171" "version_value": "10.0.1; Java SE Embedded: 8u171"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "lang": "eng",
}, "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20180726-0001/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20180726-0001/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us" "lang": "eng",
}, "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data."
{ }
"name" : "RHSA-2018:2253", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:2253" ]
}, },
{ "references": {
"name" : "RHSA-2018:2254", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2254" "name": "RHSA-2018:2254",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2254"
"name" : "RHSA-2018:2255", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2255" "name": "RHSA-2018:3007",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:3007"
"name" : "RHSA-2018:2256", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2256" "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name" : "RHSA-2018:2568", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2568" "name": "RHSA-2018:2713",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2713"
"name" : "RHSA-2018:2569", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2569" "name": "https://security.netapp.com/advisory/ntap-20180726-0001/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20180726-0001/"
"name" : "RHSA-2018:2575", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2575" "name": "RHSA-2018:2255",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2255"
"name" : "RHSA-2018:2576", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2576" "name": "RHSA-2018:2575",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2575"
"name" : "RHSA-2018:2712", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2712" "name": "RHSA-2018:2256",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2256"
"name" : "RHSA-2018:2713", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2713" "name": "RHSA-2018:2576",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2576"
"name" : "RHSA-2018:3007", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3007" "name": "RHSA-2018:2253",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2253"
"name" : "RHSA-2018:3008", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3008" "name": "RHSA-2018:2568",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2568"
"name" : "104768", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104768" "name": "RHSA-2018:2569",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2569"
"name" : "1041302", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041302" "name": "RHSA-2018:2712",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2018:2712"
} },
} {
"name": "RHSA-2018:3008",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3008"
},
{
"name": "1041302",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041302"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us"
},
{
"name": "104768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104768"
}
]
}
}

34
2019/0xxx/CVE-2019-0416.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-0416", "ID": "CVE-2019-0416",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/0xxx/CVE-2019-0448.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-0448", "ID": "CVE-2019-0448",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/0xxx/CVE-2019-0881.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-0881", "ID": "CVE-2019-0881",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/0xxx/CVE-2019-0902.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-0902", "ID": "CVE-2019-0902",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

146
2019/1000xxx/CVE-2019-1000018.json
View File

@ -1,75 +1,75 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.024645", "DATE_ASSIGNED": "2019-01-22T21:21:10.024645",
"DATE_REQUESTED" : "2019-01-16T17:31:27", "DATE_REQUESTED": "2019-01-16T17:31:27",
"ID" : "CVE-2019-1000018", "ID": "CVE-2019-1000018",
"REQUESTER" : "security@es.net", "REQUESTER": "security@es.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html" "lang": "eng",
}, "value": "rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission."
{ }
"name" : "https://esnet-security.github.io/vulnerabilities/20190115_rssh", ]
"refsource" : "MISC", },
"url" : "https://esnet-security.github.io/vulnerabilities/20190115_rssh" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4377", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2019/dsa-4377" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://esnet-security.github.io/vulnerabilities/20190115_rssh",
"refsource": "MISC",
"url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
},
{
"name": "DSA-4377",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4377"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
}
]
}
}

34
2019/1xxx/CVE-2019-1176.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-1176", "ID": "CVE-2019-1176",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/1xxx/CVE-2019-1257.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-1257", "ID": "CVE-2019-1257",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/1xxx/CVE-2019-1423.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-1423", "ID": "CVE-2019-1423",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/1xxx/CVE-2019-1487.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-1487", "ID": "CVE-2019-1487",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/1xxx/CVE-2019-1573.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-1573", "ID": "CVE-2019-1573",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/4xxx/CVE-2019-4503.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-4503", "ID": "CVE-2019-4503",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/4xxx/CVE-2019-4658.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-4658", "ID": "CVE-2019-4658",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/4xxx/CVE-2019-4982.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-4982", "ID": "CVE-2019-4982",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5166.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5166", "ID": "CVE-2019-5166",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5693.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5693", "ID": "CVE-2019-5693",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5814.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5814", "ID": "CVE-2019-5814",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5928.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5928", "ID": "CVE-2019-5928",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2019/9xxx/CVE-2019-9125.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-9125", "ID": "CVE-2019-9125",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-878/overflow1.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-878/overflow1.md" "lang": "eng",
}, "value": "An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header."
{ }
"name" : "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-878/overflow2.md", ]
"refsource" : "MISC", },
"url" : "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-878/overflow2.md" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-878/overflow2.md",
"refsource": "MISC",
"url": "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-878/overflow2.md"
},
{
"name": "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-878/overflow1.md",
"refsource": "MISC",
"url": "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-878/overflow1.md"
}
]
}
}