admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:59:06 +00:00
parent 5e1f294075
commit b10d1c637d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
43 changed files with 2714 additions and 2714 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
1999/0xxx/CVE-1999-0058.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0058",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in PHP cgi program, php.cgi allows shell access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "712",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/712"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in PHP cgi program, php.cgi allows shell access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/712"
}
]
}
}

170
1999/0xxx/CVE-1999-0144.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0144",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Denial of service in Qmail by specifying a large number of recipients with the RCPT command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19970612 qmail-dos-2.c, another denial of service attack",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=87602558319024&w=2"
},
{
"name" : "19970612 Re: Denial of service (qmail-smtpd)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=87602558319029&w=2"
},
{
"name" : "http://cr.yp.to/qmail/venema.html",
"refsource" : "MISC",
"url" : "http://cr.yp.to/qmail/venema.html"
},
{
"name" : "http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/threads.html",
"refsource" : "MISC",
"url" : "http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/threads.html"
},
{
"name" : "2237",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2237"
},
{
"name" : "qmail-rcpt(208)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/208"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denial of service in Qmail by specifying a large number of recipients with the RCPT command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "qmail-rcpt(208)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208"
},
{
"name": "19970612 Re: Denial of service (qmail-smtpd)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=87602558319029&w=2"
},
{
"name": "2237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2237"
},
{
"name": "19970612 qmail-dos-2.c, another denial of service attack",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=87602558319024&w=2"
},
{
"name": "http://cr.yp.to/qmail/venema.html",
"refsource": "MISC",
"url": "http://cr.yp.to/qmail/venema.html"
},
{
"name": "http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/threads.html",
"refsource": "MISC",
"url": "http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/threads.html"
}
]
}
}

120
2005/2xxx/CVE-2005-2055.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via \"default settings of earlier Internet Explorer browsers\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://service.real.com/help/faq/security/050623_player/EN/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/help/faq/security/050623_player/EN/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via \"default settings of earlier Internet Explorer browsers\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/help/faq/security/050623_player/EN/",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
}
]
}
}

210
2005/2xxx/CVE-2005-2099.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-2099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5"
},
{
"name" : "FLSA:157459-3",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name" : "MDKSA-2005:220",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220"
},
{
"name" : "RHSA-2005:514",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-514.html"
},
{
"name" : "USN-169-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/169-1/"
},
{
"name" : "14517",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14517"
},
{
"name" : "oval:org.mitre.oval:def:9079",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9079"
},
{
"name" : "1014644",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014644"
},
{
"name" : "16355",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16355/"
},
{
"name" : "17073",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17073"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-169-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/169-1/"
},
{
"name": "MDKSA-2005:220",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220"
},
{
"name": "1014644",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014644"
},
{
"name": "17073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17073"
},
{
"name": "RHSA-2005:514",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-514.html"
},
{
"name": "oval:org.mitre.oval:def:9079",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9079"
},
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5"
},
{
"name": "FLSA:157459-3",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name": "16355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16355/"
},
{
"name": "14517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14517"
}
]
}
}

160
2005/2xxx/CVE-2005-2205.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2205",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ReadLog function in kaiseki.cgi in pngren allows remote attackers to execute arbitrary commands via shell metacharacters in the query string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050705 PNGƒJƒEƒ“ƒ^+—pƒƒO‰ƒXƒNƒŠƒvƒg remote commands execution vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/lists/bugtraq/2005/Jul/0097.html"
},
{
"name" : "14182",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14182"
},
{
"name" : "17784",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17784"
},
{
"name" : "1014426",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014426"
},
{
"name" : "15981",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15981"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ReadLog function in kaiseki.cgi in pngren allows remote attackers to execute arbitrary commands via shell metacharacters in the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17784",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17784"
},
{
"name": "20050705 PNGƒJƒEƒ“ƒ^+—pƒƒO‰ƒXƒNƒŠƒvƒg remote commands execution vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/lists/bugtraq/2005/Jul/0097.html"
},
{
"name": "14182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14182"
},
{
"name": "1014426",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014426"
},
{
"name": "15981",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15981"
}
]
}
}

130
2005/2xxx/CVE-2005-2253.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in PhpAuction 2.5 allow remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product, so it is not included in this description."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1014423",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014423"
},
{
"name" : "15967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15967"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in PhpAuction 2.5 allow remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product, so it is not included in this description."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014423",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014423"
},
{
"name": "15967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15967"
}
]
}
}

160
2005/3xxx/CVE-2005-3569.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3569",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27005891&aid=3#wq213",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27005891&aid=3#wq213"
},
{
"name" : "15376",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15376"
},
{
"name" : "20708",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20708"
},
{
"name" : "17388",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17388"
},
{
"name" : "db2-lzh-dos(23089)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23089"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "db2-lzh-dos(23089)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23089"
},
{
"name": "20708",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20708"
},
{
"name": "17388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17388"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg27005891&aid=3#wq213",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27005891&aid=3#wq213"
},
{
"name": "15376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15376"
}
]
}
}

170
2005/3xxx/CVE-2005-3846.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3846",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/11/fantastic-news-category-sql-inj.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/11/fantastic-news-category-sql-inj.html"
},
{
"name" : "15622",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15622"
},
{
"name" : "ADV-2005-2595",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2595"
},
{
"name" : "21162",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21162"
},
{
"name" : "17758",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17758"
},
{
"name" : "fantastic-news-news-sql-injection(23215)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23215"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2005/11/fantastic-news-category-sql-inj.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/fantastic-news-category-sql-inj.html"
},
{
"name": "fantastic-news-news-sql-injection(23215)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23215"
},
{
"name": "21162",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21162"
},
{
"name": "15622",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15622"
},
{
"name": "ADV-2005-2595",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2595"
},
{
"name": "17758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17758"
}
]
}
}

200
2005/3xxx/CVE-2005-3975.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3975",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Drupal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051201 [DRUPAL-SA-2005-008] Drupal 4.6.4 / 4.5.6 fixes XSS and HTTP header injection issue",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/418291/100/0/threaded"
},
{
"name" : "http://drupal.org/files/sa-2005-008/4.6.3.patch",
"refsource" : "MISC",
"url" : "http://drupal.org/files/sa-2005-008/4.6.3.patch"
},
{
"name" : "http://drupal.org/files/sa-2005-008/advisory.txt",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/files/sa-2005-008/advisory.txt"
},
{
"name" : "DSA-958",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-958"
},
{
"name" : "15663",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15663"
},
{
"name" : "ADV-2005-2684",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2684"
},
{
"name" : "17824",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17824"
},
{
"name" : "18630",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18630"
},
{
"name" : "220",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/220"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Drupal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2684",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2684"
},
{
"name": "220",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/220"
},
{
"name": "DSA-958",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-958"
},
{
"name": "18630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18630"
},
{
"name": "15663",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15663"
},
{
"name": "20051201 [DRUPAL-SA-2005-008] Drupal 4.6.4 / 4.5.6 fixes XSS and HTTP header injection issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418291/100/0/threaded"
},
{
"name": "17824",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17824"
},
{
"name": "http://drupal.org/files/sa-2005-008/advisory.txt",
"refsource": "CONFIRM",
"url": "http://drupal.org/files/sa-2005-008/advisory.txt"
},
{
"name": "http://drupal.org/files/sa-2005-008/4.6.3.patch",
"refsource": "MISC",
"url": "http://drupal.org/files/sa-2005-008/4.6.3.patch"
}
]
}
}

180
2007/5xxx/CVE-2007-5090.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5090",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21268116",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21268116"
},
{
"name" : "25810",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25810"
},
{
"name" : "ADV-2007-3264",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3264"
},
{
"name" : "40598",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40598"
},
{
"name" : "1018735",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018735"
},
{
"name" : "26899",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26899"
},
{
"name" : "clearquest-unspecified-data-manipulation(36771)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36771"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25810",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25810"
},
{
"name": "26899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26899"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21268116",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21268116"
},
{
"name": "ADV-2007-3264",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3264"
},
{
"name": "1018735",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018735"
},
{
"name": "40598",
"refsource": "OSVDB",
"url": "http://osvdb.org/40598"
},
{
"name": "clearquest-unspecified-data-manipulation(36771)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36771"
}
]
}
}

170
2009/2xxx/CVE-2009-2050.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2050",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-2050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml"
},
{
"name" : "36152",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36152"
},
{
"name" : "57452",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/57452"
},
{
"name" : "1022775",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022775"
},
{
"name" : "36495",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36495"
},
{
"name" : "36499",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36499"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57452",
"refsource": "OSVDB",
"url": "http://osvdb.org/57452"
},
{
"name": "36499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36499"
},
{
"name": "36152",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36152"
},
{
"name": "36495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36495"
},
{
"name": "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml"
},
{
"name": "1022775",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022775"
}
]
}
}

150
2009/2xxx/CVE-2009-2213.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.citrix.com/article/CTX118770",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX118770"
},
{
"name" : "35422",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35422"
},
{
"name" : "ADV-2009-1641",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1641"
},
{
"name" : "netscaler-default-unauth-access(51274)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51274"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "netscaler-default-unauth-access(51274)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51274"
},
{
"name": "35422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35422"
},
{
"name": "ADV-2009-1641",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1641"
},
{
"name": "http://support.citrix.com/article/CTX118770",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX118770"
}
]
}
}

34
2009/2xxx/CVE-2009-2280.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2280",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2280",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2009/3xxx/CVE-2009-3213.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in broid 1.0 Beta 3a allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .mp3 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0908-exploits/broid-overflow.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0908-exploits/broid-overflow.txt"
},
{
"name" : "broid-mp3-bo(52532)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52532"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in broid 1.0 Beta 3a allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .mp3 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "broid-mp3-bo(52532)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52532"
},
{
"name": "http://packetstormsecurity.org/0908-exploits/broid-overflow.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0908-exploits/broid-overflow.txt"
}
]
}
}

150
2009/3xxx/CVE-2009-3976.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3976",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to cause a denial of service (application crash) or execute arbitrary code via a long 220 reply (aka connection greeting or welcome message)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9508",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9508"
},
{
"name" : "36128",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36128"
},
{
"name" : "ADV-2009-2414",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2414"
},
{
"name" : "proftpd-welcome-bo(52730)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52730"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to cause a denial of service (application crash) or execute arbitrary code via a long 220 reply (aka connection greeting or welcome message)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36128"
},
{
"name": "proftpd-welcome-bo(52730)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52730"
},
{
"name": "9508",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9508"
},
{
"name": "ADV-2009-2414",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2414"
}
]
}
}

130
2015/0xxx/CVE-2015-0389.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0389",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a different vulnerability than CVE-2014-6592."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "72199",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72199"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a different vulnerability than CVE-2014-6592."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "72199",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72199"
}
]
}
}

150
2015/0xxx/CVE-2015-0398.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0398",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Clinical Trip Report."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "72207",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72207"
},
{
"name" : "1031578",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031578"
},
{
"name" : "oracle-cpujan2015-cve20150398(100129)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100129"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Clinical Trip Report."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72207"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "1031578",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031578"
},
{
"name": "oracle-cpujan2015-cve20150398(100129)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100129"
}
]
}
}

180
2015/0xxx/CVE-2015-0886.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-0886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mindrot.org/projects/jBCrypt/news/rel04.html",
"refsource" : "CONFIRM",
"url" : "http://www.mindrot.org/projects/jBCrypt/news/rel04.html"
},
{
"name" : "https://bugzilla.mindrot.org/show_bug.cgi?id=2097",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mindrot.org/show_bug.cgi?id=2097"
},
{
"name" : "FEDORA-2015-2994",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151797.html"
},
{
"name" : "FEDORA-2015-3032",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151786.html"
},
{
"name" : "FEDORA-2015-3120",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151496.html"
},
{
"name" : "JVN#77718330",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN77718330/index.html"
},
{
"name" : "JVNDB-2015-000033",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000033"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-3032",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151786.html"
},
{
"name": "FEDORA-2015-3120",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151496.html"
},
{
"name": "JVN#77718330",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN77718330/index.html"
},
{
"name": "http://www.mindrot.org/projects/jBCrypt/news/rel04.html",
"refsource": "CONFIRM",
"url": "http://www.mindrot.org/projects/jBCrypt/news/rel04.html"
},
{
"name": "FEDORA-2015-2994",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151797.html"
},
{
"name": "JVNDB-2015-000033",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000033"
},
{
"name": "https://bugzilla.mindrot.org/show_bug.cgi?id=2097",
"refsource": "CONFIRM",
"url": "https://bugzilla.mindrot.org/show_bug.cgi?id=2097"
}
]
}
}

140
2015/1xxx/CVE-2015-1954.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1954",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959398",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959398"
},
{
"name" : "75448",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75448"
},
{
"name" : "1032773",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032773"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032773",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032773"
},
{
"name": "75448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75448"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959398",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959398"
}
]
}
}

140
2015/4xxx/CVE-2015-4236.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4236",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150710 Cisco AsyncOS for Cisco Email Security Appliance Cluster Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39785"
},
{
"name" : "75703",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75703"
},
{
"name" : "1032855",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032855"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032855",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032855"
},
{
"name": "75703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75703"
},
{
"name": "20150710 Cisco AsyncOS for Cisco Email Security Appliance Cluster Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39785"
}
]
}
}

140
2015/4xxx/CVE-2015-4716.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4716",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://owncloud.org/security/advisory/?id=oc-sa-2015-006",
"refsource" : "CONFIRM",
"url" : "https://owncloud.org/security/advisory/?id=oc-sa-2015-006"
},
{
"name" : "DSA-3373",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3373"
},
{
"name" : "76159",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76159"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76159"
},
{
"name": "DSA-3373",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-006",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-006"
}
]
}
}

120
2015/4xxx/CVE-2015-4946.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4946",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 allows local users to bypass intended access restrictions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973404",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973404"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 allows local users to bypass intended access restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21973404",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973404"
}
]
}
}

140
2015/8xxx/CVE-2015-8216.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8216",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html"
},
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d24888ef19ba38b787b11d1ee091a3d94920c76a",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d24888ef19ba38b787b11d1ee091a3d94920c76a"
},
{
"name" : "openSUSE-SU-2015:2120",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00146.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html"
},
{
"name": "openSUSE-SU-2015:2120",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00146.html"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d24888ef19ba38b787b11d1ee091a3d94920c76a",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d24888ef19ba38b787b11d1ee091a3d94920c76a"
}
]
}
}

120
2015/8xxx/CVE-2015-8334.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8334",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463072.htm",
"refsource" : "CONFIRM",
"url" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463072.htm"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463072.htm",
"refsource": "CONFIRM",
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463072.htm"
}
]
}
}

140
2015/8xxx/CVE-2015-8597.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8597",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a \"clear text\" one in a coaching page, as demonstrated by \"http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/",
"refsource" : "MISC",
"url" : "http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/"
},
{
"name" : "https://bto.bluecoat.com/security-advisory/sa107",
"refsource" : "CONFIRM",
"url" : "https://bto.bluecoat.com/security-advisory/sa107"
},
{
"name" : "1034506",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034506"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a \"clear text\" one in a coaching page, as demonstrated by \"http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bto.bluecoat.com/security-advisory/sa107",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa107"
},
{
"name": "http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/",
"refsource": "MISC",
"url": "http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/"
},
{
"name": "1034506",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034506"
}
]
}
}

140
2015/8xxx/CVE-2015-8801.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-8801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01",
"refsource" : "CONFIRM",
"url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01"
},
{
"name" : "91446",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91446"
},
{
"name" : "1036196",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036196"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01"
},
{
"name": "1036196",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036196"
},
{
"name": "91446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91446"
}
]
}
}

34
2015/9xxx/CVE-2015-9155.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-9155",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9155",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2016/5xxx/CVE-2016-5338.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5338",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160607 CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/07/3"
},
{
"name" : "[oss-security] 20160608 Re: CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/08/14"
},
{
"name" : "[qemu-devel] 20160606 [Qemu-devel] [PATCH v3] scsi: esp: check TI buffer index before read/write",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html"
},
{
"name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec",
"refsource" : "CONFIRM",
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec"
},
{
"name" : "GLSA-201609-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201609-01"
},
{
"name" : "USN-3047-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name" : "USN-3047-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name" : "91079",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91079"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec"
},
{
"name": "USN-3047-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[qemu-devel] 20160606 [Qemu-devel] [PATCH v3] scsi: esp: check TI buffer index before read/write",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html"
},
{
"name": "[oss-security] 20160608 Re: CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/14"
},
{
"name": "GLSA-201609-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "91079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91079"
},
{
"name": "[oss-security] 20160607 CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/07/3"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
}

34
2018/2xxx/CVE-2018-2260.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2260",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-2260",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

34
2018/2xxx/CVE-2018-2340.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2340",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-2340",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

148
2018/2xxx/CVE-2018-2447.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cna@sap.com",
"ID" : "CVE-2018-2447",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SAP BusinessObjects Business Intelligence",
"version" : {
"version_data" : [
{
"version_name" : "",
"version_value" : "4.2"
}
]
}
}
]
},
"vendor_name" : "SAP"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP BusinessObjects Business Intelligence",
"version": {
"version_data": [
{
"version_name": "",
"version_value": "4.2"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://launchpad.support.sap.com/#/notes/2644154",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2644154"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
"refsource" : "CONFIRM",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
},
{
"name" : "105075",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105075"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105075"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2644154",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2644154"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

148
2018/2xxx/CVE-2018-2460.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cna@sap.com",
"ID" : "CVE-2018-2460",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SAP Business One Android application",
"version" : {
"version_data" : [
{
"version_name" : "=",
"version_value" : "1.2"
}
]
}
}
]
},
"vendor_name" : "SAP"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. This allows attacker to do MITM attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insecure Certificate Verification"
}
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Business One Android application",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "1.2"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://launchpad.support.sap.com/#/notes/2682503",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2682503"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993",
"refsource" : "CONFIRM",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993"
},
{
"name" : "105309",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105309"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. This allows attacker to do MITM attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Certificate Verification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993"
},
{
"name": "105309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105309"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2682503",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2682503"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

158
2018/2xxx/CVE-2018-2475.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cna@sap.com",
"ID" : "CVE-2018-2475",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "project “Gardener”",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "0.12.4"
}
]
}
}
]
},
"vendor_name" : "SAP"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation a shoot's apiserver can access services/endpoints in the private network of its corresponding seed cluster. Combined with other minor Kubernetes security issues, the missing network isolation theoretically can lead to compromise other shoot or seed clusters in the \"Gardener\" context. The issue is rated high due to the high impact of a potential exploitation in \"Gardener\" context. This was fixed in Gardener release 0.12.4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing network isolation"
}
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "project \u201cGardener\u201d",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "0.12.4"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://launchpad.support.sap.com/#/notes/2699726",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2699726"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095",
"refsource" : "CONFIRM",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095"
},
{
"name" : "https://groups.google.com/forum/#!topic/gardener/OjfKEe1LwXo",
"refsource" : "CONFIRM",
"url" : "https://groups.google.com/forum/#!topic/gardener/OjfKEe1LwXo"
},
{
"name" : "105579",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105579"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation a shoot's apiserver can access services/endpoints in the private network of its corresponding seed cluster. Combined with other minor Kubernetes security issues, the missing network isolation theoretically can lead to compromise other shoot or seed clusters in the \"Gardener\" context. The issue is rated high due to the high impact of a potential exploitation in \"Gardener\" context. This was fixed in Gardener release 0.12.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing network isolation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095"
},
{
"name": "https://groups.google.com/forum/#!topic/gardener/OjfKEe1LwXo",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/gardener/OjfKEe1LwXo"
},
{
"name": "105579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105579"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2699726",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2699726"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

122
2018/3xxx/CVE-2018-3737.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2018-3737",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "sshpk node module",
"version" : {
"version_data" : [
{
"version_value" : "Versions up to and including 1.13.1"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sshpk is vulnerable to ReDoS when parsing crafted invalid public keys."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Allocation of Resources Without Limits or Throttling (CWE-770)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2018-3737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sshpk node module",
"version": {
"version_data": [
{
"version_value": "Versions up to and including 1.13.1"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/319593",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/319593"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sshpk is vulnerable to ReDoS when parsing crafted invalid public keys."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allocation of Resources Without Limits or Throttling (CWE-770)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/319593",
"refsource": "MISC",
"url": "https://hackerone.com/reports/319593"
}
]
}
}

172
2018/6xxx/CVE-2018-6033.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6033",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "64.0.3282.119"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient data validation"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name" : "https://crbug.com/793620",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/793620"
},
{
"name" : "DSA-4103",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4103"
},
{
"name" : "RHSA-2018:0265",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"name" : "102797",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102797"
},
{
"name" : "1040282",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040282"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient data validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "https://crbug.com/793620",
"refsource": "CONFIRM",
"url": "https://crbug.com/793620"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}

34
2018/6xxx/CVE-2018-6752.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6752",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6752",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2018/7xxx/CVE-2018-7784.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cybersecurity@se.com",
"DATE_PUBLIC" : "2018-05-31T00:00:00",
"ID" : "CVE-2018-7784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.motion Builder",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder, all versions prior to 1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Print Format Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2018-05-31T00:00:00",
"ID": "CVE-2018-7784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "U.motion Builder",
"version": {
"version_data": [
{
"version_value": "U.motion Builder, all versions prior to 1.3.4"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/",
"refsource" : "CONFIRM",
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
},
{
"name" : "104447",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104447"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Print Format Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
},
{
"name": "104447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104447"
}
]
}
}

120
2018/7xxx/CVE-2018-7806.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cybersecurity@se.com",
"ID" : "CVE-2018-7806",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Data Center Operation all versions",
"version" : {
"version_data" : [
{
"version_value" : "Data Center Operation all versions"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal"
}
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Center Operation all versions",
"version": {
"version_data": [
{
"version_value": "Data Center Operation all versions"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
"refsource" : "MISC",
"url" : "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
"refsource": "MISC",
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
}
]
}
}

34
2019/1xxx/CVE-2019-1851.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1851",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1851",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5156.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5156",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5156",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5282.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5282",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5282",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5601.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5601",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5601",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

162
2019/5xxx/CVE-2019-5776.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2019-5776",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "72.0.3626.81"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "72.0.3626.81"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/863663",
"refsource" : "MISC",
"url" : "https://crbug.com/863663"
},
{
"name" : "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4395",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2019/dsa-4395"
},
{
"name" : "RHSA-2019:0309",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0309"
},
{
"name" : "106767",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106767"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106767"
},
{
"name": "RHSA-2019:0309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0309"
},
{
"name": "DSA-4395",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4395"
},
{
"name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/863663",
"refsource": "MISC",
"url": "https://crbug.com/863663"
}
]
}
}