"-Synchronized-Data."

CVE Team 2019-03-17 22:17:34 +00:00
parent e197624a9a
commit acfac200f6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3417 additions and 3417 deletions


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2077", "ID": "CVE-2007-2077",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating \"this issue was fixed last year and [no] is longer a problem.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070414 Maian Search v1.1", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/465731/100/0/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating \"this issue was fixed last year and [no] is longer a problem.\""
{ }
"name" : "20070414 Re: Maian Search v1.1", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/465857/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20070415 Re: phpMyChat-0.14.5", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20070414 false: Maian Search v1.1", ]
"refsource" : "VIM", }
"url" : "http://attrition.org/pipermail/vim/2007-April/001524.html" ]
}, },
{ "references": {
"name" : "34150", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/34150" "name": "20070414 Re: Maian Search v1.1",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/465857/100/0/threaded"
} },
} {
"name": "20070415 Re: phpMyChat-0.14.5",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html"
},
{
"name": "20070414 false: Maian Search v1.1",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2007-April/001524.html"
},
{
"name": "34150",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34150"
},
{
"name": "20070414 Maian Search v1.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465731/100/0/threaded"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2638", "ID": "CVE-2007-2638",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eFileCabinet 3.3 allows remote attackers to bypass authentication and access restricted portions of the interface via an invalid filecabinetnumber, which can be leveraged to obtain sensitive information or create new data structures."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070511 eFileCabinet Authentication Bypass", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/468314/100/0/threaded" "lang": "eng",
}, "value": "eFileCabinet 3.3 allows remote attackers to bypass authentication and access restricted portions of the interface via an invalid filecabinetnumber, which can be leveraged to obtain sensitive information or create new data structures."
{ }
"name" : "23944", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/23944" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "34774", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/34774" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2696", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/2696" ]
}, },
{ "references": {
"name" : "efilecabinet-cabinetnumber-security-bypass(34251)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34251" "name": "2696",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/2696"
} },
} {
"name": "23944",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23944"
},
{
"name": "34774",
"refsource": "OSVDB",
"url": "http://osvdb.org/34774"
},
{
"name": "efilecabinet-cabinetnumber-security-bypass(34251)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34251"
},
{
"name": "20070511 eFileCabinet Authentication Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/468314/100/0/threaded"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2664", "ID": "CVE-2007-2664",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "3908", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/3908" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function."
{ }
"name" : "ADV-2007-1797", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2007/1797" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36060", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/36060" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25254", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/25254" ]
}, },
{ "references": {
"name" : "yaap-common-file-include(34264)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34264" "name": "36060",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/36060"
} },
} {
"name": "3908",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3908"
},
{
"name": "ADV-2007-1797",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1797"
},
{
"name": "25254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25254"
},
{
"name": "yaap-common-file-include(34264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34264"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2705", "ID": "CVE-2007-2705",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when \"deployed in an exploded format,\" allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "BEA07-170.00", "description_data": [
"refsource" : "BEA", {
"url" : "http://dev2dev.bea.com/pub/advisory/239" "lang": "eng",
}, "value": "Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when \"deployed in an exploded format,\" allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors."
{ }
"name" : "36063", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/36063" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-1815", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1815" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1018059", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1018059" ]
}, },
{ "references": {
"name" : "weblogic-testview-directory-traversal(34281)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34281" "name": "1018059",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1018059"
} },
} {
"name": "36063",
"refsource": "OSVDB",
"url": "http://osvdb.org/36063"
},
{
"name": "ADV-2007-1815",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1815"
},
{
"name": "BEA07-170.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/239"
},
{
"name": "weblogic-testview-directory-traversal(34281)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34281"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2007-2929", "ID": "CVE-2007-2929",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649" "lang": "eng",
}, "value": "The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code."
{ }
"name" : "MS07-045", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#426737", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/426737" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25311", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/25311" ]
}, },
{ "references": {
"name" : "ADV-2007-2882", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2882" "name": "ADV-2007-2882",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2882"
"name" : "26482", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26482" "name": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649",
}, "refsource": "CONFIRM",
{ "url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649"
"name" : "ibm-lenovo-acprunner-domain-code-execution(36035)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36035" "name": "MS07-045",
} "refsource": "MS",
] "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045"
} },
} {
"name": "ibm-lenovo-acprunner-domain-code-execution(36035)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36035"
},
{
"name": "VU#426737",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/426737"
},
{
"name": "26482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26482"
},
{
"name": "25311",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25311"
}
]
}
}
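Review bot: The `"ASSIGNER"` value in `CVE_data_meta` changes here from `cve@mitre.org` to `cert@cert.org`, which is a change of record provenance, whereas every other visible change in this section is key spacing or the order of `reference_data` entries. The CVE-2007-2951 section does the same, with the new value `PSIRT-CNA@flexerasoftware.com`. The commit title does not mention either reassignment, so anyone auditing CNA attribution would have to find these two records inside a 55-file reformat. A line in the commit description such as `ASSIGNER updated for CVE-2007-2929 and CVE-2007-2951` would make them traceable. Because the `reference_data` arrays are also reordered, downstream comparisons should presumably match entries on `url` rather than on array position.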


@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2007-2951", "ID": "CVE-2007-2951",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070628 Secunia Research: KVIrc irc:// URI Handler Command ExecutionVulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/472441/100/0/threaded" "lang": "eng",
}, "value": "The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI."
{ }
"name" : "http://secunia.com/secunia_research/2007-56/advisory/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2007-56/advisory/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://svn.kvirc.de/kvirc/changeset/630/#file3", "description": [
"refsource" : "CONFIRM", {
"url" : "https://svn.kvirc.de/kvirc/changeset/630/#file3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200709-02", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-200709-02.xml" ]
}, },
{ "references": {
"name" : "SUSE-SR:2007:015", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html" "name": "https://svn.kvirc.de/kvirc/changeset/630/#file3",
}, "refsource": "CONFIRM",
{ "url": "https://svn.kvirc.de/kvirc/changeset/630/#file3"
"name" : "24652", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24652" "name": "20070628 Secunia Research: KVIrc irc:// URI Handler Command ExecutionVulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/472441/100/0/threaded"
"name" : "37604", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37604" "name": "GLSA-200709-02",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200709-02.xml"
"name" : "ADV-2007-2334", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2334" "name": "kvirc-parseircurl-command-execution(35087)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35087"
"name" : "25740", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25740" "name": "26813",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26813"
"name" : "26813", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26813" "name": "ADV-2007-2334",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2334"
"name" : "kvirc-parseircurl-command-execution(35087)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35087" "name": "37604",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/37604"
} },
} {
"name": "24652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24652"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "http://secunia.com/secunia_research/2007-56/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-56/advisory/"
},
{
"name": "25740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25740"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3230", "ID": "CVE-2007-3230",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4072", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4072" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter."
{ }
"name" : "24477", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24477" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-2208", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2208" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "36304", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/36304" ]
}, },
{ "references": {
"name" : "25687", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25687" "name": "4072",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/4072"
"name" : "phphtml-htmlclass-file-include(34871)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34871" "name": "phphtml-htmlclass-file-include(34871)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34871"
} },
} {
"name": "25687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25687"
},
{
"name": "36304",
"refsource": "OSVDB",
"url": "http://osvdb.org/36304"
},
{
"name": "ADV-2007-2208",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2208"
},
{
"name": "24477",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24477"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3350", "ID": "CVE-2007-3350",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application hang) via a flood of spoofed SIP INVITE requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=293&", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=293&" "lang": "eng",
}, "value": "AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application hang) via a flood of spoofed SIP INVITE requests."
{ }
"name" : "24533", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24533" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38562", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/38562" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "aol-siprequest-dos(35068)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35068" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=293&",
"refsource": "MISC",
"url": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=293&"
},
{
"name": "38562",
"refsource": "OSVDB",
"url": "http://osvdb.org/38562"
},
{
"name": "24533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24533"
},
{
"name": "aol-siprequest-dos(35068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35068"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3451", "ID": "CVE-2007-3451",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4104", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4104" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter."
{ }
"name" : "24632", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24632" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-2323", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2323" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "37013", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/37013" ]
}, },
{ "references": {
"name" : "25834", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25834" "name": "4104",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/4104"
"name" : "6alblog-index-file-include(35157)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35157" "name": "37013",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/37013"
} },
} {
"name": "25834",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25834"
},
{
"name": "ADV-2007-2323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2323"
},
{
"name": "24632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24632"
},
{
"name": "6alblog-index-file-include(35157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35157"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3831", "ID": "CVE-2007-3831",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.sybsecurity.com/hack-proventia-1.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.sybsecurity.com/hack-proventia-1.pdf" "lang": "eng",
}, "value": "PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter."
{ }
"name" : "36474", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/36474" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-2545", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2545" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25979", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/25979" ]
} },
] "references": {
} "reference_data": [
} {
"name": "25979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25979"
},
{
"name": "ADV-2007-2545",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2545"
},
{
"name": "36474",
"refsource": "OSVDB",
"url": "http://osvdb.org/36474"
},
{
"name": "http://www.sybsecurity.com/hack-proventia-1.pdf",
"refsource": "MISC",
"url": "http://www.sybsecurity.com/hack-proventia-1.pdf"
}
]
}
}


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3929", "ID": "CVE-2007-3929",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070719 Opera Software Opera Web Browser BitTorrent Dangling Pointer Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=564" "lang": "eng",
}, "value": "Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object."
{ }
"name" : "http://www.opera.com/support/search/view/862/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.opera.com/support/search/view/862/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200708-17", "description": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200708-17.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SR:2007:015", ]
"refsource" : "SUSE", }
"url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html" ]
}, },
{ "references": {
"name" : "24970", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24970" "name": "24970",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/24970"
"name" : "ADV-2007-2584", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2584" "name": "http://www.opera.com/support/search/view/862/",
}, "refsource": "CONFIRM",
{ "url": "http://www.opera.com/support/search/view/862/"
"name" : "1018431", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018431" "name": "opera-bittorrent-code-execution(35509)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35509"
"name" : "26138", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26138" "name": "1018431",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018431"
"name" : "26545", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26545" "name": "GLSA-200708-17",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200708-17.xml"
"name" : "opera-bittorrent-code-execution(35509)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35509" "name": "26138",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/26138"
} },
} {
"name": "ADV-2007-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2584"
},
{
"name": "26545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26545"
},
{
"name": "20070719 Opera Software Opera Web Browser BitTorrent Dangling Pointer Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=564"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4656", "ID": "CVE-2007-4656",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392" "lang": "eng",
}, "value": "backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766."
{ }
"name" : "http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173", ]
"refsource" : "CONFIRM", },
"url" : "http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www2.backup-manager.org/Release063", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www2.backup-manager.org/Release063" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1518", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2008/dsa-1518" ]
}, },
{ "references": {
"name" : "25503", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25503" "name": "26657",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26657"
"name" : "37444", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37444" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392"
"name" : "1018639", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018639" "name": "25503",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/25503"
"name" : "26657", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26657" "name": "http://www2.backup-manager.org/Release063",
}, "refsource": "CONFIRM",
{ "url": "http://www2.backup-manager.org/Release063"
"name" : "29377", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29377" "name": "29377",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/29377"
} },
} {
"name": "1018639",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018639"
},
{
"name": "DSA-1518",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1518"
},
{
"name": "http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173",
"refsource": "CONFIRM",
"url": "http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173"
},
{
"name": "37444",
"refsource": "OSVDB",
"url": "http://osvdb.org/37444"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4735", "ID": "CVE-2007-4735",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4354", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4354" "lang": "eng",
}, "value": "Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file."
{ }
"name" : "25512", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/25512" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "25513", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25513" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2007-3036", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2007/3036" ]
}, },
{ "references": {
"name" : "40307", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/40307" "name": "25513",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/25513"
"name" : "26665", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26665" "name": "25512",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/25512"
"name" : "virtualdj-m3u-bo(36430)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36430" "name": "26665",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/26665"
} },
} {
"name": "4354",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4354"
},
{
"name": "40307",
"refsource": "OSVDB",
"url": "http://osvdb.org/40307"
},
{
"name": "virtualdj-m3u-bo(36430)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36430"
},
{
"name": "ADV-2007-3036",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3036"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6181", "ID": "CVE-2007-6181",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20071124 [ISecAuditors Security Advisories] Cygwin buffer overflow due incorrect filename length check", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/484153/100/0/threaded" "lang": "eng",
}, "value": "Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19."
{ }
"name" : "[cygwin-developers] 20071108 Re: cygwin1.dll up to 1.5.22 overflow", ]
"refsource" : "MLIST", },
"url" : "http://cygwin.com/ml/cygwin-developers/2007-11/msg00005.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[cygwin-developers] 20071120 Re: cygwin1.dll up to 1.5.22 overflow", "description": [
"refsource" : "MLIST", {
"url" : "http://cygwin.com/ml/cygwin-developers/2007-11/msg00024.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[cygwin-developers] 20071120 Re: cygwin1.dll up to 1.5.22 overflow", ]
"refsource" : "MLIST", }
"url" : "http://cygwin.com/ml/cygwin-developers/2007-11/msg00026.html" ]
}, },
{ "references": {
"name" : "26557", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/26557" "name": "[cygwin-developers] 20071120 Re: cygwin1.dll up to 1.5.22 overflow",
}, "refsource": "MLIST",
{ "url": "http://cygwin.com/ml/cygwin-developers/2007-11/msg00026.html"
"name" : "3406", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3406" "name": "20071124 [ISecAuditors Security Advisories] Cygwin buffer overflow due incorrect filename length check",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/484153/100/0/threaded"
} },
} {
"name": "[cygwin-developers] 20071120 Re: cygwin1.dll up to 1.5.22 overflow",
"refsource": "MLIST",
"url": "http://cygwin.com/ml/cygwin-developers/2007-11/msg00024.html"
},
{
"name": "3406",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3406"
},
{
"name": "26557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26557"
},
{
"name": "[cygwin-developers] 20071108 Re: cygwin1.dll up to 1.5.22 overflow",
"refsource": "MLIST",
"url": "http://cygwin.com/ml/cygwin-developers/2007-11/msg00005.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1182", "ID": "CVE-2010-1182",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "PK97376", "description_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK97376" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors."
{ }
"name" : "PM09161", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2010-0609", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0609" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0609",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0609"
},
{
"name": "PK97376",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK97376"
},
{
"name": "PM09161",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1314", "ID": "CVE-2010-1314",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt" "lang": "eng",
}, "value": "Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information."
{ }
"name" : "12086", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/12086" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "39239", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/39239" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "39359", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/39359" ]
} },
] "references": {
} "reference_data": [
} {
"name": "12086",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12086"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt"
},
{
"name": "39239",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39239"
},
{
"name": "39359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39359"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1670", "ID": "CVE-2010-1670",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://wiki.mahara.org/Release_Notes/1.0.15", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://wiki.mahara.org/Release_Notes/1.0.15" "lang": "eng",
}, "value": "Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information."
{ }
"name" : "http://wiki.mahara.org/Release_Notes/1.1.9", ]
"refsource" : "CONFIRM", },
"url" : "http://wiki.mahara.org/Release_Notes/1.1.9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://wiki.mahara.org/Release_Notes/1.2.5", "description": [
"refsource" : "CONFIRM", {
"url" : "http://wiki.mahara.org/Release_Notes/1.2.5" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "41319", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/41319" ]
}, },
{ "references": {
"name" : "40431", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40431" "name": "http://wiki.mahara.org/Release_Notes/1.1.9",
} "refsource": "CONFIRM",
] "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
} },
} {
"name": "http://wiki.mahara.org/Release_Notes/1.2.5",
"refsource": "CONFIRM",
"url": "http://wiki.mahara.org/Release_Notes/1.2.5"
},
{
"name": "http://wiki.mahara.org/Release_Notes/1.0.15",
"refsource": "CONFIRM",
"url": "http://wiki.mahara.org/Release_Notes/1.0.15"
},
{
"name": "40431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40431"
},
{
"name": "41319",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41319"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-5160", "ID": "CVE-2010-5160",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" "lang": "eng",
}, "value": "** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
{ }
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", "description": [
"refsource" : "MISC", {
"url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", ]
"refsource" : "MISC", }
"url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" ]
}, },
{ "references": {
"name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", "reference_data": [
"refsource" : "MISC", {
"url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
"name" : "http://www.f-secure.com/weblog/archives/00001949.html", },
"refsource" : "MISC", {
"url" : "http://www.f-secure.com/weblog/archives/00001949.html" "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
}, "refsource": "MISC",
{ "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
"name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", },
"refsource" : "MISC", {
"url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" "name": "39924",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/39924"
"name" : "39924", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/39924" "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
}, "refsource": "MISC",
{ "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
"name" : "67660", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/67660" "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
} "refsource": "FULLDISC",
] "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
} },
} {
"name": "67660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/67660"
},
{
"name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name": "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource": "MISC",
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-5284", "ID": "CVE-2010-5284",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "15240", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/15240" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php."
{ }
"name" : "http://packetstormsecurity.org/1010-exploits/collabtive-xssxsrf.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/1010-exploits/collabtive-xssxsrf.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "44050", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/44050" ]
}, },
{ "references": {
"name" : "41805", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41805" "name": "44050",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/44050"
} },
} {
"name": "15240",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15240"
},
{
"name": "http://packetstormsecurity.org/1010-exploits/collabtive-xssxsrf.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1010-exploits/collabtive-xssxsrf.txt"
},
{
"name": "41805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41805"
},
{
"name": "http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt",
"refsource": "MISC",
"url": "http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-0106", "ID": "CVE-2014-0106",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140305 sudo: security policy bypass when env_reset is disabled", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/03/06/2" "lang": "eng",
}, "value": "Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable."
{ }
"name" : "http://www.sudo.ws/sudo/alerts/env_add.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.sudo.ws/sudo/alerts/env_add.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/kb/HT205031", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/kb/HT205031" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2015-08-13-2", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
"name" : "RHSA-2014:0266", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0266.html" "name": "http://www.sudo.ws/sudo/alerts/env_add.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.sudo.ws/sudo/alerts/env_add.html"
"name" : "SUSE-SU-2014:0475", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html" "name": "SUSE-SU-2014:0475",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html"
"name" : "USN-2146-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2146-1" "name": "APPLE-SA-2015-08-13-2",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
"name" : "65997", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/65997" "name": "USN-2146-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-2146-1"
} },
} {
"name": "RHSA-2014:0266",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0266.html"
},
{
"name": "[oss-security] 20140305 sudo: security policy bypass when env_reset is disabled",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/06/2"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "65997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65997"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-0438", "ID": "CVE-2014-0438",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Panel Processor."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Panel Processor."
{ }
"name" : "64758", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/64758" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "64887", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64887" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "102043", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/102043" ]
}, },
{ "references": {
"name" : "1029623", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029623" "name": "64887",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/64887"
"name" : "56478", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56478" "name": "102043",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/102043"
} },
} {
"name": "56478",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56478"
},
{
"name": "1029623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029623"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-0913", "ID": "CVE-2014-0913",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671981", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671981" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE."
{ }
"name" : "1030215", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1030215" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ibm-inotes-cve20140913-xss(91880)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91880" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1030215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030215"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671981",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671981"
},
{
"name": "ibm-inotes-cve20140913-xss(91880)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91880"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-0938", "ID": "CVE-2014-0938",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-100030", "ID": "CVE-2014-100030",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a ByEge action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/125464", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/125464" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a ByEge action."
{ }
"name" : "57171", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/57171" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ganesha-gdl-xss(91553)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91553" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "ganesha-gdl-xss(91553)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91553"
},
{
"name": "57171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57171"
},
{
"name": "http://packetstormsecurity.com/files/125464",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125464"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5202", "ID": "CVE-2014-5202",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/127430/WordPress-Compfight-1.4-Cross-Site-Scripting.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/127430/WordPress-Compfight-1.4-Cross-Site-Scripting.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter."
{ }
"name" : "http://downloads.wordpress.org/plugin/compfight.1.5.zip", ]
"refsource" : "CONFIRM", },
"url" : "http://downloads.wordpress.org/plugin/compfight.1.5.zip" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://wordpress.org/plugins/compfight/changelog/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://wordpress.org/plugins/compfight/changelog/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/plugins/compfight/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/compfight/changelog/"
},
{
"name": "http://packetstormsecurity.com/files/127430/WordPress-Compfight-1.4-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127430/WordPress-Compfight-1.4-Cross-Site-Scripting.html"
},
{
"name": "http://downloads.wordpress.org/plugin/compfight.1.5.zip",
"refsource": "CONFIRM",
"url": "http://downloads.wordpress.org/plugin/compfight.1.5.zip"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5372", "ID": "CVE-2014-5372",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-5703", "ID": "CVE-2014-5703",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Slingo Lottery Challenge (aka com.slingo.slingolotterychallenge) application 1.0.34 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Slingo Lottery Challenge (aka com.slingo.slingolotterychallenge) application 1.0.34 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#679385", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/679385" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#679385",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/679385"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2015-2235", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2015-2235",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1067. Reason: This candidate is a duplicate of CVE-2015-1067. Notes: All CVE users should reference CVE-2015-1067 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1067. Reason: This candidate is a duplicate of CVE-2015-1067. Notes: All CVE users should reference CVE-2015-1067 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2015-2904", "ID": "CVE-2015-2904",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#335192", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/335192" "lang": "eng",
} "value": "Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#335192",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/335192"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10115", "ID": "CVE-2016-10115",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.newskysecurity.com/2016/09/factory_reset_vuln_in_netgear_arlo/", "description_data": [
"refsource" : "MISC", {
"url" : "http://blog.newskysecurity.com/2016/09/factory_reset_vuln_in_netgear_arlo/" "lang": "eng",
}, "value": "NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration."
{ }
"name" : "http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability", ]
"refsource" : "MISC", },
"url" : "http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "95265", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95265" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability",
"refsource": "MISC",
"url": "http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability"
},
{
"name": "http://blog.newskysecurity.com/2016/09/factory_reset_vuln_in_netgear_arlo/",
"refsource": "MISC",
"url": "http://blog.newskysecurity.com/2016/09/factory_reset_vuln_in_netgear_arlo/"
},
{
"name": "95265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95265"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10260", "ID": "CVE-2016-10260",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@synology.com", "ASSIGNER": "security@synology.com",
"ID" : "CVE-2016-10330", "ID": "CVE-2016-10330",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Synology Photo Station", "product_name": "Synology Photo Station",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions prior to version 6.5.3-3226" "version_value": "All versions prior to version 6.5.3-3226"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Synology" "vendor_name": "Synology"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory Traversal (CWE-22); Privilege Escalation (CWE-269)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160128 CVE request: Synology Photo Station command injection and privilege escalation", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2016/q1/236" "lang": "eng",
}, "value": "Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors."
{ }
"name" : "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-03-Read-Write-Arbitrary-Files", ]
"refsource" : "MISC", },
"url" : "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-03-Read-Write-Arbitrary-Files" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-04-Privilege-Escalation", "description": [
"refsource" : "MISC", {
"url" : "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-04-Privilege-Escalation" "lang": "eng",
}, "value": "Directory Traversal (CWE-22); Privilege Escalation (CWE-269)"
{ }
"name" : "https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226", ]
"refsource" : "CONFIRM", }
"url" : "https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-04-Privilege-Escalation",
"refsource": "MISC",
"url": "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-04-Privilege-Escalation"
},
{
"name": "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-03-Read-Write-Arbitrary-Files",
"refsource": "MISC",
"url": "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-03-Read-Write-Arbitrary-Files"
},
{
"name": "https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226",
"refsource": "CONFIRM",
"url": "https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226"
},
{
"name": "[oss-security] 20160128 CVE request: Synology Photo Station command injection and privilege escalation",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2016/q1/236"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10463", "ID": "CVE-2016-10463",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10710", "ID": "CVE-2016-10710",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/", "description_data": [
"refsource" : "MISC", {
"url" : "http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/" "lang": "eng",
} "value": "Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/",
"refsource": "MISC",
"url": "http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-4520", "ID": "CVE-2016-4520",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-196-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-196-01" "lang": "eng",
}, "value": "Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors."
{ }
"name" : "http://www.schneider-electric.com/ww/en/download/document/SEVD-2016-153-01", ]
"refsource" : "CONFIRM", },
"url" : "http://www.schneider-electric.com/ww/en/download/document/SEVD-2016-153-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "91783", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91783" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-196-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-196-01"
},
{
"name": "91783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91783"
},
{
"name": "http://www.schneider-electric.com/ww/en/download/document/SEVD-2016-153-01",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/ww/en/download/document/SEVD-2016-153-01"
}
]
}
}
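Review bot: The `ASSIGNER` value in the CVE-2016-4520 record appears to change from `cve@mitre.org` to `ics-cert@hq.dhs.gov`, a content change in a section that otherwise only drops the space before each colon and reorders the `reference_data` entries. This assumes the left column is the old side, which the rendering does not mark explicitly. Consumers that filter or trust records by `ASSIGNER` will see this record attributed to a different CNA, so the change would be easier to audit if the sync message named it or it landed separately from the reformat. The three references are the same on both sides; only their order differs.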


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8685", "ID": "CVE-2016-8685",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161008 potrace: invalid memory access in findnext (decompose.c)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/10/08/17" "lang": "eng",
}, "value": "The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image."
{ }
"name" : "[oss-security] 20161015 Re: potrace: invalid memory access in findnext (decompose.c)", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/10/16/9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/", "description": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "93470", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/93470" ]
} },
] "references": {
} "reference_data": [
} {
"name": "93470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93470"
},
{
"name": "[oss-security] 20161008 potrace: invalid memory access in findnext (decompose.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/17"
},
{
"name": "[oss-security] 20161015 Re: potrace: invalid memory access in findnext (decompose.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/9"
},
{
"name": "https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8692", "ID": "CVE-2016-8692",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160823 Fuzzing jasper", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/08/23/6" "lang": "eng",
}, "value": "The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command."
{ }
"name" : "[oss-security] 20161015 Re: Fuzzing jasper", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/10/16/14" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/", "description": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1385502", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1385502" ]
}, },
{ "references": {
"name" : "https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1385502",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385502"
"name" : "DSA-3785", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3785" "name": "DSA-3785",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2017/dsa-3785"
"name" : "FEDORA-2016-81f9c6f0ae", },
"refsource" : "FEDORA", {
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/" "name": "93588",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/93588"
"name" : "RHSA-2017:1208", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1208" "name": "RHSA-2017:1208",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:1208"
"name" : "93588", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93588" "name": "[oss-security] 20160823 Fuzzing jasper",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2016/08/23/6"
} },
} {
"name": "FEDORA-2016-81f9c6f0ae",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/"
},
{
"name": "https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/"
},
{
"name": "https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020",
"refsource": "CONFIRM",
"url": "https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020"
},
{
"name": "[oss-security] 20161015 Re: Fuzzing jasper",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/14"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"ID" : "CVE-2016-8726", "ID": "CVE-2016-8726",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client", "product_name": "AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.1" "version_value": "1.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Moxa" "vendor_name": "Moxa"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Header Manipulation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.talosintelligence.com/reports/TALOS-2016-0240/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.talosintelligence.com/reports/TALOS-2016-0240/" "lang": "eng",
} "value": "An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Header Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0240/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0240/"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@symantec.com", "ASSIGNER": "secure@symantec.com",
"ID" : "CVE-2016-9091", "ID": "CVE-2016-9091",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Blue Coat ASG", "product_name": "Blue Coat ASG",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.6 prior to 6.6.5.4" "version_value": "6.6 prior to 6.6.5.4"
} }
] ]
} }
}, },
{ {
"product_name" : "Blue Coat CAS", "product_name": "Blue Coat CAS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.3 prior to 1.3.7.4" "version_value": "1.3 prior to 1.3.7.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Symantec Corporation" "vendor_name": "Symantec Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS command injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41785", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41785/" "lang": "eng",
}, "value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
{ }
"name" : "41786", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/41786/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bto.bluecoat.com/security-advisory/sa138", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bto.bluecoat.com/security-advisory/sa138" "lang": "eng",
}, "value": "OS command injection"
{ }
"name" : "97372", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/97372" ]
} },
] "references": {
} "reference_data": [
} {
"name": "97372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa138",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9115", "ID": "CVE-2016-9115",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/uclouvain/openjpeg/issues/858", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/uclouvain/openjpeg/issues/858" "lang": "eng",
}, "value": "Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file."
{ }
"name" : "GLSA-201710-26", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201710-26" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "93977", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93977" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"name": "93977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93977"
},
{
"name": "https://github.com/uclouvain/openjpeg/issues/858",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/issues/858"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9830", "ID": "CVE-2016-9830",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161204 Re: graphicsmagick: memory allocation failure in MagickRealloc (memory.c)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/12/05/5" "lang": "eng",
}, "value": "The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image."
{ }
"name" : "https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c", ]
"refsource" : "MISC", },
"url" : "https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/38d0f281e8c8", "description": [
"refsource" : "CONFIRM", {
"url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/38d0f281e8c8" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1401536", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1401536" ]
}, },
{ "references": {
"name" : "DSA-3746", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3746" "name": "openSUSE-SU-2016:3238",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html"
"name" : "openSUSE-SU-2016:3238", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html" "name": "[oss-security] 20161204 Re: graphicsmagick: memory allocation failure in MagickRealloc (memory.c)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/12/05/5"
"name" : "94625", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94625" "name": "94625",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/94625"
} },
} {
"name": "DSA-3746",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3746"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1401536",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401536"
},
{
"name": "https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c"
},
{
"name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/38d0f281e8c8",
"refsource": "CONFIRM",
"url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/38d0f281e8c8"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-9886", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-9886",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2273", "ID": "CVE-2019-2273",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2019-2407", "ID": "CVE-2019-2407",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Hospitality Reporting and Analytics", "product_name": "Hospitality Reporting and Analytics",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "9.1.0" "version_value": "9.1.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker having Report privilege with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)."
{ }
"name" : "106576", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106576" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Report privilege with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106576",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106576"
}
]
}
}


@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2019-2540", "ID": "CVE-2019-2540",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Java", "product_name": "Java",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "Java Advanced Management Console: 2.12" "version_value": "Java Advanced Management Console: 2.12"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" "lang": "eng",
}, "value": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20190118-0001/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20190118-0001/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "106578", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106578" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20190118-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190118-0001/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106578"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2883", "ID": "CVE-2019-2883",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6025", "ID": "CVE-2019-6025",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6207", "ID": "CVE-2019-6207",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6569", "ID": "CVE-2019-6569",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6631", "ID": "CVE-2019-6631",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7123", "ID": "CVE-2019-7123",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7291", "ID": "CVE-2019-7291",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7328", "ID": "CVE-2019-7328",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ZoneMinder/zoneminder/issues/2449", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/ZoneMinder/zoneminder/issues/2449" "lang": "eng",
} "value": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZoneMinder/zoneminder/issues/2449",
"refsource": "MISC",
"url": "https://github.com/ZoneMinder/zoneminder/issues/2449"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7649", "ID": "CVE-2019-7649",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/arterli/CmsWing/issues/41", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/arterli/CmsWing/issues/41" "lang": "eng",
} "value": "global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/arterli/CmsWing/issues/41",
"refsource": "MISC",
"url": "https://github.com/arterli/CmsWing/issues/41"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7961", "ID": "CVE-2019-7961",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }