admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:16:00 +00:00
parent 6ad52b241b
commit a16163531a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
64 changed files with 4379 additions and 4379 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

168
2007/2xxx/CVE-2007-2755.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2755",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3938",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3938"
},
{
"name" : "http://moaxb.blogspot.com/2007/05/moaxb-16-bonus-ie-6-precisionid-barcode.html",
"refsource" : "MISC",
"url" : "http://moaxb.blogspot.com/2007/05/moaxb-16-bonus-ie-6-precisionid-barcode.html"
},
{
"name" : "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=18",
"refsource" : "MISC",
"url" : "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=18"
},
{
"name" : "24014",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24014"
},
{
"name" : "37957",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37957"
},
{
"name" : "precisionid-precisionid-file-overwrite(34337)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34337"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://moaxb.blogspot.com/2007/05/moaxb-16-bonus-ie-6-precisionid-barcode.html",
"refsource": "MISC",
"url": "http://moaxb.blogspot.com/2007/05/moaxb-16-bonus-ie-6-precisionid-barcode.html"
},
{
"name": "37957",
"refsource": "OSVDB",
"url": "http://osvdb.org/37957"
},
{
"name": "24014",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24014"
},
{
"name": "precisionid-precisionid-file-overwrite(34337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34337"
},
{
"name": "3938",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3938"
},
{
"name": "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=18",
"refsource": "MISC",
"url": "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=18"
}
]
}
}

188
2007/2xxx/CVE-2007-2791.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2791",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBTU02209",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01007552"
},
{
"name" : "SSRT071323",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01007552"
},
{
"name" : "24021",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24021"
},
{
"name" : "36204",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36204"
},
{
"name" : "ADV-2007-1851",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1851"
},
{
"name" : "1018065",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018065"
},
{
"name" : "24036",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24036"
},
{
"name" : "hp-ssh-information-disclosure(34329)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34329"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1851",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1851"
},
{
"name": "1018065",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018065"
},
{
"name": "24036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24036"
},
{
"name": "hp-ssh-information-disclosure(34329)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34329"
},
{
"name": "SSRT071323",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01007552"
},
{
"name": "24021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24021"
},
{
"name": "HPSBTU02209",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01007552"
},
{
"name": "36204",
"refsource": "OSVDB",
"url": "http://osvdb.org/36204"
}
]
}
}

158
2007/3xxx/CVE-2007-3003.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3003",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070531 MyBloggie 2.1.6 SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/470112/100/0/threaded"
},
{
"name" : "24249",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24249"
},
{
"name" : "38345",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38345"
},
{
"name" : "2769",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2769"
},
{
"name" : "mybloggie-catidyear-sql-injection(34627)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34627"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mybloggie-catidyear-sql-injection(34627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34627"
},
{
"name": "2769",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2769"
},
{
"name": "20070531 MyBloggie 2.1.6 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470112/100/0/threaded"
},
{
"name": "24249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24249"
},
{
"name": "38345",
"refsource": "OSVDB",
"url": "http://osvdb.org/38345"
}
]
}
}

148
2007/3xxx/CVE-2007-3292.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3292",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for \"a small image\" associated with an article."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4082",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4082"
},
{
"name" : "24580",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24580"
},
{
"name" : "37492",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37492"
},
{
"name" : "livecms-articleimage-file-upload(35149)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35149"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for \"a small image\" associated with an article."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24580",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24580"
},
{
"name": "4082",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4082"
},
{
"name": "livecms-articleimage-file-upload(35149)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35149"
},
{
"name": "37492",
"refsource": "OSVDB",
"url": "http://osvdb.org/37492"
}
]
}
}

188
2007/3xxx/CVE-2007-3344.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3344",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01b allow remote attackers to inject arbitrary web script or HTML via the (1) album_id, (2) order, (3) sort, (4) filter, and (5) genre_id parameters to (a) index.php; and the (6) url parameter to (b) ridirect.php. NOTE: the attack also reveals the installation path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels-team.blogspot.com/2007/06/netjukebox-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels-team.blogspot.com/2007/06/netjukebox-vuln.html"
},
{
"name" : "http://www.netjukebox.nl/changelog.php",
"refsource" : "CONFIRM",
"url" : "http://www.netjukebox.nl/changelog.php"
},
{
"name" : "24577",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24577"
},
{
"name" : "ADV-2007-2292",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2292"
},
{
"name" : "36892",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36892"
},
{
"name" : "36893",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36893"
},
{
"name" : "25741",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25741"
},
{
"name" : "netjukebox-index-xss(35007)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35007"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01b allow remote attackers to inject arbitrary web script or HTML via the (1) album_id, (2) order, (3) sort, (4) filter, and (5) genre_id parameters to (a) index.php; and the (6) url parameter to (b) ridirect.php. NOTE: the attack also reveals the installation path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2292",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2292"
},
{
"name": "http://pridels-team.blogspot.com/2007/06/netjukebox-vuln.html",
"refsource": "MISC",
"url": "http://pridels-team.blogspot.com/2007/06/netjukebox-vuln.html"
},
{
"name": "http://www.netjukebox.nl/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.netjukebox.nl/changelog.php"
},
{
"name": "netjukebox-index-xss(35007)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35007"
},
{
"name": "36893",
"refsource": "OSVDB",
"url": "http://osvdb.org/36893"
},
{
"name": "24577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24577"
},
{
"name": "36892",
"refsource": "OSVDB",
"url": "http://osvdb.org/36892"
},
{
"name": "25741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25741"
}
]
}
}

208
2007/3xxx/CVE-2007-3615.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3615",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070705 Internet Communication Manager Denial Of Service Attack",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/472890/100/0/threaded"
},
{
"name" : "20070705 Internet Communication Manager Denial Of Service Attack",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"
},
{
"name" : "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/",
"refsource" : "MISC",
"url" : "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"
},
{
"name" : "24774",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24774"
},
{
"name" : "38095",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38095"
},
{
"name" : "ADV-2007-2450",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2450"
},
{
"name" : "1018336",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018336"
},
{
"name" : "25964",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25964"
},
{
"name" : "2875",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2875"
},
{
"name" : "sap-icman-dos(35278)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070705 Internet Communication Manager Denial Of Service Attack",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"
},
{
"name": "sap-icman-dos(35278)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"
},
{
"name": "20070705 Internet Communication Manager Denial Of Service Attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"
},
{
"name": "38095",
"refsource": "OSVDB",
"url": "http://osvdb.org/38095"
},
{
"name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"
},
{
"name": "25964",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25964"
},
{
"name": "1018336",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018336"
},
{
"name": "ADV-2007-2450",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2450"
},
{
"name": "24774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24774"
},
{
"name": "2875",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2875"
}
]
}
}

148
2007/3xxx/CVE-2007-3649.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3649",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4155",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4155"
},
{
"name" : "24793",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24793"
},
{
"name" : "45800",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/45800"
},
{
"name" : "hp-digital-hpqvwocx-file-overwrite(35288)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35288"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4155",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4155"
},
{
"name": "24793",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24793"
},
{
"name": "hp-digital-hpqvwocx-file-overwrite(35288)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35288"
},
{
"name": "45800",
"refsource": "OSVDB",
"url": "http://osvdb.org/45800"
}
]
}
}

178
2007/3xxx/CVE-2007-3728.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3728",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via \"NICK_CHANGE\" notifications."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://silcnet.org/docs/changelog/changes.txt",
"refsource" : "CONFIRM",
"url" : "http://silcnet.org/docs/changelog/changes.txt"
},
{
"name" : "http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2",
"refsource" : "CONFIRM",
"url" : "http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2"
},
{
"name" : "24795",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24795"
},
{
"name" : "ADV-2007-2454",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2454"
},
{
"name" : "36730",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36730"
},
{
"name" : "25939",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25939"
},
{
"name" : "silc-clienttoolkit-nickchange-bo(35281)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35281"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via \"NICK_CHANGE\" notifications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36730",
"refsource": "OSVDB",
"url": "http://osvdb.org/36730"
},
{
"name": "24795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24795"
},
{
"name": "silc-clienttoolkit-nickchange-bo(35281)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35281"
},
{
"name": "25939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25939"
},
{
"name": "http://silcnet.org/docs/changelog/changes.txt",
"refsource": "CONFIRM",
"url": "http://silcnet.org/docs/changelog/changes.txt"
},
{
"name": "ADV-2007-2454",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2454"
},
{
"name": "http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2",
"refsource": "CONFIRM",
"url": "http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2"
}
]
}
}

218
2007/3xxx/CVE-2007-3762.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3762",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf",
"refsource" : "CONFIRM",
"url" : "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=185713",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name" : "DSA-1358",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1358"
},
{
"name" : "GLSA-200802-11",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name" : "SUSE-SR:2007:015",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name" : "24949",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24949"
},
{
"name" : "ADV-2007-2563",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2563"
},
{
"name" : "1018407",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018407"
},
{
"name" : "26099",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26099"
},
{
"name" : "29051",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29051"
},
{
"name" : "asterisk-iax2channeldriver-bo(35466)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asterisk-iax2channeldriver-bo(35466)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466"
},
{
"name": "26099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26099"
},
{
"name": "1018407",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29051"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=185713",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "ADV-2007-2563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"name": "DSA-1358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf"
},
{
"name": "24949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24949"
}
]
}
}

358
2007/4xxx/CVE-2007-4066.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4066",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-4066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://svn.xiph.org/trunk/vorbis/CHANGES",
"refsource" : "MISC",
"url" : "http://svn.xiph.org/trunk/vorbis/CHANGES"
},
{
"name" : "https://trac.xiph.org/changeset/13162",
"refsource" : "MISC",
"url" : "https://trac.xiph.org/changeset/13162"
},
{
"name" : "https://trac.xiph.org/changeset/13169",
"refsource" : "MISC",
"url" : "https://trac.xiph.org/changeset/13169"
},
{
"name" : "https://trac.xiph.org/changeset/13170",
"refsource" : "MISC",
"url" : "https://trac.xiph.org/changeset/13170"
},
{
"name" : "https://trac.xiph.org/changeset/13172",
"refsource" : "MISC",
"url" : "https://trac.xiph.org/changeset/13172"
},
{
"name" : "https://trac.xiph.org/changeset/13211",
"refsource" : "MISC",
"url" : "https://trac.xiph.org/changeset/13211"
},
{
"name" : "https://trac.xiph.org/changeset/13215",
"refsource" : "MISC",
"url" : "https://trac.xiph.org/changeset/13215"
},
{
"name" : "https://trac.xiph.org/ticket/853",
"refsource" : "MISC",
"url" : "https://trac.xiph.org/ticket/853"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=249780",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
},
{
"name" : "https://trac.xiph.org/changeset/13168",
"refsource" : "CONFIRM",
"url" : "https://trac.xiph.org/changeset/13168"
},
{
"name" : "https://trac.xiph.org/ticket/300",
"refsource" : "CONFIRM",
"url" : "https://trac.xiph.org/ticket/300"
},
{
"name" : "DSA-1471",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1471"
},
{
"name" : "GLSA-200710-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200710-03.xml"
},
{
"name" : "MDKSA-2007:194",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:194"
},
{
"name" : "RHSA-2007:0845",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
},
{
"name" : "RHSA-2007:0912",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
},
{
"name" : "SUSE-SR:2007:023",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
},
{
"name" : "oval:org.mitre.oval:def:11453",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11453"
},
{
"name" : "1018712",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018712"
},
{
"name" : "26865",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26865"
},
{
"name" : "27099",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27099"
},
{
"name" : "24923",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24923"
},
{
"name" : "27170",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27170"
},
{
"name" : "27439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27439"
},
{
"name" : "28614",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28614"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trac.xiph.org/changeset/13168",
"refsource": "CONFIRM",
"url": "https://trac.xiph.org/changeset/13168"
},
{
"name": "https://trac.xiph.org/changeset/13172",
"refsource": "MISC",
"url": "https://trac.xiph.org/changeset/13172"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=249780",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
},
{
"name": "28614",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28614"
},
{
"name": "DSA-1471",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1471"
},
{
"name": "RHSA-2007:0912",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
},
{
"name": "GLSA-200710-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200710-03.xml"
},
{
"name": "27170",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27170"
},
{
"name": "1018712",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018712"
},
{
"name": "https://trac.xiph.org/changeset/13170",
"refsource": "MISC",
"url": "https://trac.xiph.org/changeset/13170"
},
{
"name": "http://svn.xiph.org/trunk/vorbis/CHANGES",
"refsource": "MISC",
"url": "http://svn.xiph.org/trunk/vorbis/CHANGES"
},
{
"name": "https://trac.xiph.org/changeset/13211",
"refsource": "MISC",
"url": "https://trac.xiph.org/changeset/13211"
},
{
"name": "https://trac.xiph.org/changeset/13169",
"refsource": "MISC",
"url": "https://trac.xiph.org/changeset/13169"
},
{
"name": "MDKSA-2007:194",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:194"
},
{
"name": "24923",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24923"
},
{
"name": "https://trac.xiph.org/ticket/853",
"refsource": "MISC",
"url": "https://trac.xiph.org/ticket/853"
},
{
"name": "27439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27439"
},
{
"name": "https://trac.xiph.org/changeset/13162",
"refsource": "MISC",
"url": "https://trac.xiph.org/changeset/13162"
},
{
"name": "https://trac.xiph.org/ticket/300",
"refsource": "CONFIRM",
"url": "https://trac.xiph.org/ticket/300"
},
{
"name": "27099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27099"
},
{
"name": "https://trac.xiph.org/changeset/13215",
"refsource": "MISC",
"url": "https://trac.xiph.org/changeset/13215"
},
{
"name": "26865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26865"
},
{
"name": "SUSE-SR:2007:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
},
{
"name": "oval:org.mitre.oval:def:11453",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11453"
},
{
"name": "RHSA-2007:0845",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
}
]
}
}

328
2007/4xxx/CVE-2007-4589.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4589",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and unspecified vectors to (13) cron.php and (14) prefs.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070826 InterWorx-CP Multiple HTML Injections Vulnerabilitie",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/477848/100/0/threaded"
},
{
"name" : "http://www.hackerscenter.com/archive/view.asp?id=27884",
"refsource" : "MISC",
"url" : "http://www.hackerscenter.com/archive/view.asp?id=27884"
},
{
"name" : "http://interworx.com/forums/showthread.php?t=2501",
"refsource" : "CONFIRM",
"url" : "http://interworx.com/forums/showthread.php?t=2501"
},
{
"name" : "25451",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25451"
},
{
"name" : "36767",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36767"
},
{
"name" : "36768",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36768"
},
{
"name" : "36769",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36769"
},
{
"name" : "36770",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36770"
},
{
"name" : "36771",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36771"
},
{
"name" : "36772",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36772"
},
{
"name" : "36773",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36773"
},
{
"name" : "36774",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36774"
},
{
"name" : "36775",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36775"
},
{
"name" : "36776",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36776"
},
{
"name" : "36777",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36777"
},
{
"name" : "36778",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36778"
},
{
"name" : "36779",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36779"
},
{
"name" : "36780",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36780"
},
{
"name" : "26586",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26586"
},
{
"name" : "3070",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3070"
},
{
"name" : "interworx-siteworx-multiple-file-include(36300)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36300"
},
{
"name" : "interworxcp-index-xss(36297)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36297"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and unspecified vectors to (13) cron.php and (14) prefs.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36778",
"refsource": "OSVDB",
"url": "http://osvdb.org/36778"
},
{
"name": "25451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25451"
},
{
"name": "3070",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3070"
},
{
"name": "http://interworx.com/forums/showthread.php?t=2501",
"refsource": "CONFIRM",
"url": "http://interworx.com/forums/showthread.php?t=2501"
},
{
"name": "36772",
"refsource": "OSVDB",
"url": "http://osvdb.org/36772"
},
{
"name": "36775",
"refsource": "OSVDB",
"url": "http://osvdb.org/36775"
},
{
"name": "36771",
"refsource": "OSVDB",
"url": "http://osvdb.org/36771"
},
{
"name": "36776",
"refsource": "OSVDB",
"url": "http://osvdb.org/36776"
},
{
"name": "36773",
"refsource": "OSVDB",
"url": "http://osvdb.org/36773"
},
{
"name": "36780",
"refsource": "OSVDB",
"url": "http://osvdb.org/36780"
},
{
"name": "36779",
"refsource": "OSVDB",
"url": "http://osvdb.org/36779"
},
{
"name": "36768",
"refsource": "OSVDB",
"url": "http://osvdb.org/36768"
},
{
"name": "36774",
"refsource": "OSVDB",
"url": "http://osvdb.org/36774"
},
{
"name": "http://www.hackerscenter.com/archive/view.asp?id=27884",
"refsource": "MISC",
"url": "http://www.hackerscenter.com/archive/view.asp?id=27884"
},
{
"name": "26586",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26586"
},
{
"name": "20070826 InterWorx-CP Multiple HTML Injections Vulnerabilitie",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477848/100/0/threaded"
},
{
"name": "36777",
"refsource": "OSVDB",
"url": "http://osvdb.org/36777"
},
{
"name": "36769",
"refsource": "OSVDB",
"url": "http://osvdb.org/36769"
},
{
"name": "36767",
"refsource": "OSVDB",
"url": "http://osvdb.org/36767"
},
{
"name": "interworx-siteworx-multiple-file-include(36300)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36300"
},
{
"name": "interworxcp-index-xss(36297)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36297"
},
{
"name": "36770",
"refsource": "OSVDB",
"url": "http://osvdb.org/36770"
}
]
}
}

148
2007/4xxx/CVE-2007-4955.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4955",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4415",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4415"
},
{
"name" : "25680",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25680"
},
{
"name" : "26799",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26799"
},
{
"name" : "flashfun-mosconfig-file-include(36638)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36638"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25680"
},
{
"name": "4415",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4415"
},
{
"name": "flashfun-mosconfig-file-include(36638)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36638"
},
{
"name": "26799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26799"
}
]
}
}

328
2007/4xxx/CVE-2007-4987.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4987",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\\0' character to an out-of-bounds address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070919 Multiple Vendor ImageMagick Off-By-One Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595"
},
{
"name" : "20071112 FLEA-2007-0066-1 ImageMagick",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/483572/100/0/threaded"
},
{
"name" : "[Magick-announce] 20070917 ImageMagick 6.3.5-9, important security updates",
"refsource" : "MLIST",
"url" : "http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html"
},
{
"name" : "http://www.imagemagick.org/script/changelog.php",
"refsource" : "CONFIRM",
"url" : "http://www.imagemagick.org/script/changelog.php"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1743",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1743"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=186030",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=186030"
},
{
"name" : "DSA-1858",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1858"
},
{
"name" : "GLSA-200710-27",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200710-27.xml"
},
{
"name" : "MDVSA-2008:035",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:035"
},
{
"name" : "SUSE-SR:2007:023",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
},
{
"name" : "USN-523-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-523-1"
},
{
"name" : "25766",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25766"
},
{
"name" : "36260",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36260"
},
{
"name" : "ADV-2007-3245",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3245"
},
{
"name" : "1018729",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018729"
},
{
"name" : "26926",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26926"
},
{
"name" : "27048",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27048"
},
{
"name" : "27309",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27309"
},
{
"name" : "27364",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27364"
},
{
"name" : "27439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27439"
},
{
"name" : "28721",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28721"
},
{
"name" : "imagemagick-readblogstring-bo(36739)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36739"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\\0' character to an out-of-bounds address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27364",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27364"
},
{
"name": "20071112 FLEA-2007-0066-1 ImageMagick",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483572/100/0/threaded"
},
{
"name": "USN-523-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-523-1"
},
{
"name": "27309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27309"
},
{
"name": "25766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25766"
},
{
"name": "http://www.imagemagick.org/script/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.imagemagick.org/script/changelog.php"
},
{
"name": "imagemagick-readblogstring-bo(36739)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36739"
},
{
"name": "ADV-2007-3245",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3245"
},
{
"name": "GLSA-200710-27",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200710-27.xml"
},
{
"name": "1018729",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018729"
},
{
"name": "27048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27048"
},
{
"name": "28721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28721"
},
{
"name": "27439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27439"
},
{
"name": "https://issues.rpath.com/browse/RPL-1743",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1743"
},
{
"name": "DSA-1858",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1858"
},
{
"name": "[Magick-announce] 20070917 ImageMagick 6.3.5-9, important security updates",
"refsource": "MLIST",
"url": "http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html"
},
{
"name": "26926",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26926"
},
{
"name": "MDVSA-2008:035",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:035"
},
{
"name": "20070919 Multiple Vendor ImageMagick Off-By-One Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=186030",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=186030"
},
{
"name": "SUSE-SR:2007:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
},
{
"name": "36260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36260"
}
]
}
}

438
2007/6xxx/CVE-2007-6203.json
View File

@ -1,222 +1,222 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6203",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
},
{
"name" : "http://procheckup.com/Vulnerability_PR07-37.php",
"refsource" : "MISC",
"url" : "http://procheckup.com/Vulnerability_PR07-37.php"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=307562",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html",
"refsource" : "CONFIRM",
"url" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
},
{
"name" : "PK57952",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
},
{
"name" : "PK65782",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
},
{
"name" : "APPLE-SA-2008-03-18",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name" : "GLSA-200803-19",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200803-19.xml"
},
{
"name" : "HPSBUX02465",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=125631037611762&w=2"
},
{
"name" : "SSRT090192",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=125631037611762&w=2"
},
{
"name" : "HPSBUX02612",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
},
{
"name" : "SSRT100345",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
},
{
"name" : "SUSE-SA:2008:021",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
},
{
"name" : "USN-731-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-731-1"
},
{
"name" : "26663",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26663"
},
{
"name" : "oval:org.mitre.oval:def:12166",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166"
},
{
"name" : "34219",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34219"
},
{
"name" : "ADV-2007-4060",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4060"
},
{
"name" : "ADV-2007-4301",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4301"
},
{
"name" : "ADV-2008-0924",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name" : "ADV-2008-1623",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1623/references"
},
{
"name" : "ADV-2008-1875",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1875/references"
},
{
"name" : "1019030",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019030"
},
{
"name" : "27906",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27906"
},
{
"name" : "28196",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28196"
},
{
"name" : "29348",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29348"
},
{
"name" : "29420",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29420"
},
{
"name" : "29640",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29640"
},
{
"name" : "30356",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30356"
},
{
"name" : "30732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30732"
},
{
"name" : "33105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33105"
},
{
"name" : "3411",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3411"
},
{
"name" : "apache-413error-xss(38800)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PK57952",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
},
{
"name": "GLSA-200803-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-19.xml"
},
{
"name": "26663",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26663"
},
{
"name": "oval:org.mitre.oval:def:12166",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166"
},
{
"name": "34219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34219"
},
{
"name": "HPSBUX02465",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"
},
{
"name": "27906",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27906"
},
{
"name": "ADV-2008-1623",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1623/references"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SSRT090192",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"
},
{
"name": "3411",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3411"
},
{
"name": "ADV-2007-4301",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4301"
},
{
"name": "USN-731-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-731-1"
},
{
"name": "HPSBUX02612",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "ADV-2007-4060",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4060"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "33105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33105"
},
{
"name": "1019030",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019030"
},
{
"name": "PK65782",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
},
{
"name": "20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
},
{
"name": "29348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29348"
},
{
"name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html",
"refsource": "CONFIRM",
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
},
{
"name": "28196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28196"
},
{
"name": "SUSE-SA:2008:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
},
{
"name": "30356",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30356"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "SSRT100345",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
},
{
"name": "29640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29640"
},
{
"name": "apache-413error-xss(38800)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
},
{
"name": "ADV-2008-1875",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1875/references"
},
{
"name": "30732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30732"
},
{
"name": "http://procheckup.com/Vulnerability_PR07-37.php",
"refsource": "MISC",
"url": "http://procheckup.com/Vulnerability_PR07-37.php"
}
]
}
}

168
2007/6xxx/CVE-2007-6546.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6546",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071225 Multiple vulnerabilities in RUNCMS 1.6 by DSecRG",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485512/100/0/threaded"
},
{
"name" : "4790",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4790"
},
{
"name" : "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131",
"refsource" : "MISC",
"url" : "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131"
},
{
"name" : "27019",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27019"
},
{
"name" : "41245",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/41245"
},
{
"name" : "3493",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3493"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4790",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4790"
},
{
"name": "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131",
"refsource": "MISC",
"url": "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131"
},
{
"name": "27019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27019"
},
{
"name": "41245",
"refsource": "OSVDB",
"url": "http://osvdb.org/41245"
},
{
"name": "3493",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3493"
},
{
"name": "20071225 Multiple vulnerabilities in RUNCMS 1.6 by DSecRG",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485512/100/0/threaded"
}
]
}
}

158
2007/6xxx/CVE-2007-6699.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6699",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071225 AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2007/Dec/0561.html"
},
{
"name" : "20071227 Re: AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2007/Dec/0574.html"
},
{
"name" : "27026",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27026"
},
{
"name" : "41198",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/41198"
},
{
"name" : "1019143",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019143"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019143",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019143"
},
{
"name": "20071225 AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2007/Dec/0561.html"
},
{
"name": "20071227 Re: AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2007/Dec/0574.html"
},
{
"name": "27026",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27026"
},
{
"name": "41198",
"refsource": "OSVDB",
"url": "http://osvdb.org/41198"
}
]
}
}

168
2010/1xxx/CVE-2010-1555.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-1555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100511 ZDI-10-086: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511250/100/0/threaded"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-10-086/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-10-086/"
},
{
"name" : "HPSBMA02527",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name" : "SSRT010098",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name" : "SSRT090230",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name" : "40072",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40072"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT010098",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name": "20100511 ZDI-10-086: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511250/100/0/threaded"
},
{
"name": "40072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40072"
},
{
"name": "HPSBMA02527",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name": "SSRT090230",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-086/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-086/"
}
]
}
}

32
2010/1xxx/CVE-2010-1680.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1680",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-1680",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none."
}
]
}
}

32
2010/5xxx/CVE-2010-5125.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5125",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-5125",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

198
2010/5xxx/CVE-2010-5161.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5161",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 build 246 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
"refsource" : "MISC",
"url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource" : "MISC",
"url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource" : "MISC",
"url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name" : "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource" : "MISC",
"url" : "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource" : "MISC",
"url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name" : "39924",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39924"
},
{
"name" : "67660",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/67660"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 build 246 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
"refsource": "MISC",
"url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name": "39924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39924"
},
{
"name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name": "67660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/67660"
},
{
"name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name": "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource": "MISC",
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
]
}
}

128
2014/0xxx/CVE-2014-0249.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0249",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[SSSD] 20140513 On POSIX and non-POSIX groups",
"refsource" : "MLIST",
"url" : "https://lists.fedorahosted.org/pipermail/sssd-devel/2014-May/019495.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101751",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101751"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[SSSD] 20140513 On POSIX and non-POSIX groups",
"refsource": "MLIST",
"url": "https://lists.fedorahosted.org/pipermail/sssd-devel/2014-May/019495.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1101751",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101751"
}
]
}
}

138
2014/0xxx/CVE-2014-0485.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0485",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140828 CVE-2014-0485: unsafe Python pickle in s3ql",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/08/28/3"
},
{
"name" : "https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8",
"refsource" : "CONFIRM",
"url" : "https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8"
},
{
"name" : "DSA-3013",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3013"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8"
},
{
"name": "DSA-3013",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3013"
},
{
"name": "[oss-security] 20140828 CVE-2014-0485: unsafe Python pickle in s3ql",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/08/28/3"
}
]
}
}

32
2014/1xxx/CVE-2014-1437.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1437",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-1437",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

198
2014/1xxx/CVE-2014-1718.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1718",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-1718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=348332",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=348332"
},
{
"name" : "https://src.chromium.org/viewvc/chrome?revision=257417&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/chrome?revision=257417&view=revision"
},
{
"name" : "https://src.chromium.org/viewvc/chrome?revision=258418&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/chrome?revision=258418&view=revision"
},
{
"name" : "https://src.chromium.org/viewvc/chrome?revision=260969&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/chrome?revision=260969&view=revision"
},
{
"name" : "https://src.chromium.org/viewvc/chrome?revision=261817&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/chrome?revision=261817&view=revision"
},
{
"name" : "DSA-2905",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2905"
},
{
"name" : "GLSA-201408-16",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name" : "openSUSE-SU-2014:0601",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=348332",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=348332"
},
{
"name": "https://src.chromium.org/viewvc/chrome?revision=257417&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?revision=257417&view=revision"
},
{
"name": "https://src.chromium.org/viewvc/chrome?revision=260969&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?revision=260969&view=revision"
},
{
"name": "openSUSE-SU-2014:0601",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html"
},
{
"name": "GLSA-201408-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name": "DSA-2905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2905"
},
{
"name": "https://src.chromium.org/viewvc/chrome?revision=258418&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?revision=258418&view=revision"
},
{
"name": "https://src.chromium.org/viewvc/chrome?revision=261817&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?revision=261817&view=revision"
}
]
}
}

32
2014/1xxx/CVE-2014-1863.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1863",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1863",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2014/5xxx/CVE-2014-5127.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5127",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in Innovative Interfaces Encore Discovery Solution 4.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140827 Encore Discovery Solution Multiple Vulnerability Disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533233/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/128013/Encore-Discovery-Solution-4.3-Open-Redirect-Session-Token-In-URL.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128013/Encore-Discovery-Solution-4.3-Open-Redirect-Session-Token-In-URL.html"
},
{
"name" : "69427",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69427"
},
{
"name" : "encore-discovery-cve20145127-open-redirect(95568)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95568"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Innovative Interfaces Encore Discovery Solution 4.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "encore-discovery-cve20145127-open-redirect(95568)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95568"
},
{
"name": "http://packetstormsecurity.com/files/128013/Encore-Discovery-Solution-4.3-Open-Redirect-Session-Token-In-URL.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128013/Encore-Discovery-Solution-4.3-Open-Redirect-Session-Token-In-URL.html"
},
{
"name": "20140827 Encore Discovery Solution Multiple Vulnerability Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533233/100/0/threaded"
},
{
"name": "69427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69427"
}
]
}
}

138
2014/5xxx/CVE-2014-5395.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5395",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "46092",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/46092/"
},
{
"name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm"
},
{
"name" : "69162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69162"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm"
},
{
"name": "69162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69162"
},
{
"name": "46092",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46092/"
}
]
}
}

138
2014/5xxx/CVE-2014-5852.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5852",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Kakao (aka com.com2us.tinypang.kakao.freefull2.google.global.android.common) application 2.11.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#796249",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/796249"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kakao (aka com.com2us.tinypang.kakao.freefull2.google.global.android.common) application 2.11.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#796249",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/796249"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/5xxx/CVE-2014-5934.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5934",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Flurv Chat (aka com.flurv.android) application 4.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#220201",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/220201"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Flurv Chat (aka com.flurv.android) application 4.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#220201",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/220201"
}
]
}
}

158
2015/2xxx/CVE-2015-2199.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2199",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "36086",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/36086"
},
{
"name" : "http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html",
"refsource" : "MISC",
"url" : "http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html"
},
{
"name" : "http://www.wonderplugin.com/wordpress-audio-player/",
"refsource" : "MISC",
"url" : "http://www.wonderplugin.com/wordpress-audio-player/"
},
{
"name" : "118508",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/118508"
},
{
"name" : "118509",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/118509"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html",
"refsource": "MISC",
"url": "http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html"
},
{
"name": "118508",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/118508"
},
{
"name": "36086",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/36086"
},
{
"name": "118509",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/118509"
},
{
"name": "http://www.wonderplugin.com/wordpress-audio-player/",
"refsource": "MISC",
"url": "http://www.wonderplugin.com/wordpress-audio-player/"
}
]
}
}

128
2015/2xxx/CVE-2015-2453.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2453",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information via a crafted application that continues to execute during a subsequent user's login session, aka \"Windows CSRSS Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-080",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080"
},
{
"name" : "1033238",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033238"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information via a crafted application that continues to execute during a subsequent user's login session, aka \"Windows CSRSS Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-080",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080"
},
{
"name": "1033238",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033238"
}
]
}
}

148
2015/2xxx/CVE-2015-2517.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2517",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka \"Win32k Memory Corruption Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2015-2511, CVE-2015-2518, and CVE-2015-2546."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "38278",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/38278/"
},
{
"name" : "MS15-097",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097"
},
{
"name" : "76606",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76606"
},
{
"name" : "1033485",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033485"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka \"Win32k Memory Corruption Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2015-2511, CVE-2015-2518, and CVE-2015-2546."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033485",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033485"
},
{
"name": "MS15-097",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097"
},
{
"name": "38278",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38278/"
},
{
"name": "76606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76606"
}
]
}
}

178
2015/2xxx/CVE-2015-2575.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2575",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-2575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20150417-0003/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20150417-0003/"
},
{
"name" : "DSA-3621",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3621"
},
{
"name" : "SUSE-SU-2015:0946",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"name" : "openSUSE-SU-2015:0967",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html"
},
{
"name" : "74075",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74075"
},
{
"name" : "1032121",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032121"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:0967",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20150417-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20150417-0003/"
},
{
"name": "DSA-3621",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3621"
},
{
"name": "74075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74075"
},
{
"name": "1032121",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032121"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:0946",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
]
}
}

188
2015/2xxx/CVE-2015-2641.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2641",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-2641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name" : "GLSA-201610-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201610-06"
},
{
"name" : "RHSA-2015:1630",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1630.html"
},
{
"name" : "RHSA-2015:1646",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1646.html"
},
{
"name" : "openSUSE-SU-2015:1629",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html"
},
{
"name" : "USN-2674-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2674-1"
},
{
"name" : "75815",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75815"
},
{
"name" : "1032911",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032911"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "1032911",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032911"
},
{
"name": "RHSA-2015:1646",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1646.html"
},
{
"name": "openSUSE-SU-2015:1629",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html"
},
{
"name": "75815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75815"
},
{
"name": "USN-2674-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2674-1"
},
{
"name": "GLSA-201610-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-06"
},
{
"name": "RHSA-2015:1630",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1630.html"
}
]
}
}

118
2015/2xxx/CVE-2015-2897.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2897",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#628568",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/628568"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#628568",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/628568"
}
]
}
}

148
2016/10xxx/CVE-2016-10055.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/26/9"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1410464",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1410464"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1"
},
{
"name" : "95193",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95193"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1410464",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410464"
},
{
"name": "95193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95193"
},
{
"name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/26/9"
}
]
}
}

128
2016/10xxx/CVE-2016-10286.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-10286",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400904. References: QC-CR#1090237."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-10286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-05-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name" : "98165",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98165"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400904. References: QC-CR#1090237."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98165"
},
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
}
]
}
}

130
2016/10xxx/CVE-2016-10484.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2016-10484",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SDX20"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, and SDX20, if a RPMB listener is registered with a very small buffer size, the calculation of the maximum transfer size for read and write operations may underflow, resulting in buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer overflow to buffer overflow in RPMB"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2016-10484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SDX20"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, and SDX20, if a RPMB listener is registered with a very small buffer size, the calculation of the maximum transfer size for read and write operations may underflow, resulting in buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer overflow to buffer overflow in RPMB"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

120
2016/10xxx/CVE-2016-10613.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10613",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "bionode-sra node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bionode-sra node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/211",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/211"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/211",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/211"
}
]
}
}

118
2016/10xxx/CVE-2016-10738.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zenbership v107 has CSRF via admin/cp-functions/event-add.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40620",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40620"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zenbership v107 has CSRF via admin/cp-functions/event-add.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40620",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40620"
}
]
}
}

178
2016/4xxx/CVE-2016-4450.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4450",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[nginx-announce] 20160531 nginx security advisory (CVE-2016-4450)",
"refsource" : "MLIST",
"url" : "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html"
},
{
"name" : "DSA-3592",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3592"
},
{
"name" : "GLSA-201606-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201606-06"
},
{
"name" : "RHSA-2016:1425",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1425"
},
{
"name" : "USN-2991-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2991-1"
},
{
"name" : "90967",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90967"
},
{
"name" : "1036019",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036019"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036019",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036019"
},
{
"name": "GLSA-201606-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-06"
},
{
"name": "[nginx-announce] 20160531 nginx security advisory (CVE-2016-4450)",
"refsource": "MLIST",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html"
},
{
"name": "USN-2991-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2991-1"
},
{
"name": "DSA-3592",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3592"
},
{
"name": "RHSA-2016:1425",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1425"
},
{
"name": "90967",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90967"
}
]
}
}

148
2016/4xxx/CVE-2016-4848.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/arslancb/clipbucket/commit/ff5e37d3e1098a7ce2b9fe60389b14514932dd93",
"refsource" : "CONFIRM",
"url" : "https://github.com/arslancb/clipbucket/commit/ff5e37d3e1098a7ce2b9fe60389b14514932dd93"
},
{
"name" : "JVN#28386124",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN28386124/index.html"
},
{
"name" : "JVNDB-2016-000140",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000140"
},
{
"name" : "92537",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92537"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000140",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000140"
},
{
"name": "https://github.com/arslancb/clipbucket/commit/ff5e37d3e1098a7ce2b9fe60389b14514932dd93",
"refsource": "CONFIRM",
"url": "https://github.com/arslancb/clipbucket/commit/ff5e37d3e1098a7ce2b9fe60389b14514932dd93"
},
{
"name": "JVN#28386124",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN28386124/index.html"
},
{
"name": "92537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92537"
}
]
}
}

148
2016/4xxx/CVE-2016-4869.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.cybozu.com/ja-jp/article/9428",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/9428"
},
{
"name" : "JVN#09736331",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN09736331/index.html"
},
{
"name" : "JVNDB-2016-000191",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html"
},
{
"name" : "97715",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97715"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97715",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97715"
},
{
"name": "JVNDB-2016-000191",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html"
},
{
"name": "JVN#09736331",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN09736331/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9428",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9428"
}
]
}
}

32
2016/8xxx/CVE-2016-8058.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8058",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8058",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

128
2016/8xxx/CVE-2016-8100.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"ID" : "CVE-2016-8100",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2016-8100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060&languageid=en-fr",
"refsource" : "CONFIRM",
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060&languageid=en-fr"
},
{
"name" : "93484",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93484"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93484"
},
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060&languageid=en-fr"
}
]
}
}

32
2016/8xxx/CVE-2016-8246.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8246",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8246",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

128
2016/9xxx/CVE-2016-9242.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/exponentcms/exponent-cms/commit/6172f67620ac13fc2f4e9d650c61937d48e9ecb9",
"refsource" : "CONFIRM",
"url" : "https://github.com/exponentcms/exponent-cms/commit/6172f67620ac13fc2f4e9d650c61937d48e9ecb9"
},
{
"name" : "94194",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94194"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94194"
},
{
"name": "https://github.com/exponentcms/exponent-cms/commit/6172f67620ac13fc2f4e9d650c61937d48e9ecb9",
"refsource": "CONFIRM",
"url": "https://github.com/exponentcms/exponent-cms/commit/6172f67620ac13fc2f4e9d650c61937d48e9ecb9"
}
]
}
}

32
2016/9xxx/CVE-2016-9546.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9546",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9546",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/2xxx/CVE-2019-2028.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2028",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2028",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2019/2xxx/CVE-2019-2502.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2502",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.0.13 and prior"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.13 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20190118-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20190118-0002/"
},
{
"name" : "106625",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106625"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106625"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190118-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
}
]
}
}

130
2019/2xxx/CVE-2019-2549.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2549",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Direct Banking",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.0.2"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff Page). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Direct Banking",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106613",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106613"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff Page). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106613"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
}
]
}
}

32
2019/2xxx/CVE-2019-2592.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2592",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2592",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/2xxx/CVE-2019-2849.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2849",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2849",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/3xxx/CVE-2019-3720.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3720",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3720",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

164
2019/3xxx/CVE-2019-3803.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2019-01-10T00:00:00.000Z",
"ID" : "CVE-2019-3803",
"STATE" : "PUBLIC",
"TITLE" : "Concourse includes token in CLI authentication callback"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Concourse",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "all versions",
"version_value" : "4.2.2"
}
]
}
}
]
},
"vendor_name" : "Pivotal"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token and use it to authenticate as the user."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "LOCAL",
"availabilityImpact" : "LOW",
"baseScore" : 4.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200: Information Exposure"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-01-10T00:00:00.000Z",
"ID": "CVE-2019-3803",
"STATE": "PUBLIC",
"TITLE": "Concourse includes token in CLI authentication callback"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Concourse",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "all versions",
"version_value": "4.2.2"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pivotal.io/security/cve-2019-3803",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2019-3803"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token and use it to authenticate as the user."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2019-3803",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3803"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

118
2019/3xxx/CVE-2019-3910.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnreport@tenable.com",
"ID" : "CVE-2019-3910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Crestron AM-100 Before 1.6.0.2",
"version" : {
"version_data" : [
{
"version_value" : "Crestron AM-100 Before 1.6.0.2"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication Bypass"
}
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crestron AM-100 Before 1.6.0.2",
"version": {
"version_data": [
{
"version_value": "Crestron AM-100 Before 1.6.0.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2019-02",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2019-02"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-02",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-02"
}
]
}
}

32
2019/6xxx/CVE-2019-6288.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6288",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6288",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2019/6xxx/CVE-2019-6510.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6510",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/creditease-sec/insight/issues/42",
"refsource" : "MISC",
"url" : "https://github.com/creditease-sec/insight/issues/42"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/creditease-sec/insight/issues/42",
"refsource": "MISC",
"url": "https://github.com/creditease-sec/insight/issues/42"
}
]
}
}

32
2019/6xxx/CVE-2019-6669.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6669",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6669",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2019/6xxx/CVE-2019-6803.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6803",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/typora/typora-issues/issues/2124",
"refsource" : "MISC",
"url" : "https://github.com/typora/typora-issues/issues/2124"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/typora/typora-issues/issues/2124",
"refsource": "MISC",
"url": "https://github.com/typora/typora-issues/issues/2124"
}
]
}
}

32
2019/6xxx/CVE-2019-6942.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6942",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6942",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/7xxx/CVE-2019-7084.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7084",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7084",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/7xxx/CVE-2019-7686.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7686",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7686",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2019/7xxx/CVE-2019-7731.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7731",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/eddietcc/CVEnotes/blob/master/MyWebSQL/RCE/readme.md",
"refsource" : "MISC",
"url" : "https://github.com/eddietcc/CVEnotes/blob/master/MyWebSQL/RCE/readme.md"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eddietcc/CVEnotes/blob/master/MyWebSQL/RCE/readme.md",
"refsource": "MISC",
"url": "https://github.com/eddietcc/CVEnotes/blob/master/MyWebSQL/RCE/readme.md"
}
]
}
}