admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:15:30 +00:00
parent 8a83c70c03
commit b272d490c7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 3260 additions and 3260 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
2007/0xxx/CVE-2007-0433.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0433",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0433",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled."
"lang": "eng",
"value": "Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "BEA07-154.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/221"
"name": "BEA07-154.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/221"
},
{
"name" : "22082",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22082"
"name": "22082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22082"
},
{
"name" : "32861",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32861"
"name": "23786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23786"
},
{
"name" : "1017524",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017524"
"name": "32861",
"refsource": "OSVDB",
"url": "http://osvdb.org/32861"
},
{
"name" : "23786",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23786"
"name": "1017524",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017524"
}
]
}

110
2007/0xxx/CVE-2007-0635.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0635",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0635",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php."
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070130 EncapsCMS 0.3.6 (common_foot.php) Remote File Include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/458582/100/0/threaded"
"name": "ADV-2007-0430",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0430"
},
{
"name" : "22319",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22319"
"name": "33035",
"refsource": "OSVDB",
"url": "http://osvdb.org/33035"
},
{
"name" : "ADV-2007-0430",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0430"
"name": "33034",
"refsource": "OSVDB",
"url": "http://osvdb.org/33034"
},
{
"name" : "33034",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33034"
"name": "22319",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22319"
},
{
"name" : "33035",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33035"
"name": "23987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23987"
},
{
"name" : "33036",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33036"
"name": "encapsms-config-file-include(31978)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31978"
},
{
"name" : "23987",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23987"
"name": "2200",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2200"
},
{
"name" : "2200",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2200"
"name": "33036",
"refsource": "OSVDB",
"url": "http://osvdb.org/33036"
},
{
"name" : "encapsms-config-file-include(31978)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31978"
"name": "20070130 EncapsCMS 0.3.6 (common_foot.php) Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458582/100/0/threaded"
}
]
}

86
2007/2xxx/CVE-2007-2626.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2626",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2626",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** DISPUTED ** SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries."
"lang": "eng",
"value": "** DISPUTED ** SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070503 SchoolBoard (admin.php) Remote Login Bypass SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/467486/100/0/threaded"
"name": "20070503 SchoolBoard (admin.php) Remote Login Bypass SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467486/100/0/threaded"
},
{
"name" : "20070511 probably false: SchoolBoard (admin.php) SQL injection",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-May/001609.html"
"name": "23798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23798"
},
{
"name" : "23798",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23798"
"name": "36162",
"refsource": "OSVDB",
"url": "http://osvdb.org/36162"
},
{
"name" : "36162",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36162"
"name": "2695",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2695"
},
{
"name" : "2695",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2695"
"name": "20070511 probably false: SchoolBoard (admin.php) SQL injection",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-May/001609.html"
}
]
}

80
2007/3xxx/CVE-2007-3179.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3179",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3179",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070530 Particle Blogger 1.2.1 SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/469984/100/0/threaded"
"name": "37468",
"refsource": "OSVDB",
"url": "http://osvdb.org/37468"
},
{
"name" : "37468",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37468"
"name": "2799",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2799"
},
{
"name" : "2799",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2799"
"name": "particle-archives-sql-injection(34583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34583"
},
{
"name" : "particle-archives-sql-injection(34583)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34583"
"name": "20070530 Particle Blogger 1.2.1 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469984/100/0/threaded"
}
]
}

74
2007/3xxx/CVE-2007-3428.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3428",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3428",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076."
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://soft.zoneo.net/phpTrafficA/news.php",
"refsource" : "CONFIRM",
"url" : "http://soft.zoneo.net/phpTrafficA/news.php"
"name": "43469",
"refsource": "OSVDB",
"url": "http://osvdb.org/43469"
},
{
"name" : "43469",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/43469"
"name": "http://soft.zoneo.net/phpTrafficA/news.php",
"refsource": "CONFIRM",
"url": "http://soft.zoneo.net/phpTrafficA/news.php"
},
{
"name" : "43470",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/43470"
"name": "43470",
"refsource": "OSVDB",
"url": "http://osvdb.org/43470"
}
]
}

104
2007/3xxx/CVE-2007-3784.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3784",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3784",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070710 Portcullis Computer Security Ltd - Advisories",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0179.html"
"name": "belkin-gplus-hostname-xss(35380)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35380"
},
{
"name" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/att-0179/Belkin_Router_fw_40503_xss_06_64.txt",
"refsource" : "MISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/att-0179/Belkin_Router_fw_40503_xss_06_64.txt"
"name": "26059",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26059"
},
{
"name" : "http://www.portcullis-security.com/uplds/advisories/Belkin_Router_fw_40503_xss%2006_64.txt",
"refsource" : "MISC",
"url" : "http://www.portcullis-security.com/uplds/advisories/Belkin_Router_fw_40503_xss%2006_64.txt"
"name": "36361",
"refsource": "OSVDB",
"url": "http://osvdb.org/36361"
},
{
"name" : "24881",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24881"
"name": "ADV-2007-2527",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2527"
},
{
"name" : "36361",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36361"
"name": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/att-0179/Belkin_Router_fw_40503_xss_06_64.txt",
"refsource": "MISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/att-0179/Belkin_Router_fw_40503_xss_06_64.txt"
},
{
"name" : "ADV-2007-2527",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2527"
"name": "24881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24881"
},
{
"name" : "26059",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26059"
"name": "20070710 Portcullis Computer Security Ltd - Advisories",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0179.html"
},
{
"name" : "belkin-gplus-hostname-xss(35380)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35380"
"name": "http://www.portcullis-security.com/uplds/advisories/Belkin_Router_fw_40503_xss%2006_64.txt",
"refsource": "MISC",
"url": "http://www.portcullis-security.com/uplds/advisories/Belkin_Router_fw_40503_xss%2006_64.txt"
}
]
}

92
2007/4xxx/CVE-2007-4064.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4064",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4064",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary web script or HTML via \"some server variables,\" including PHP_SELF; and (2) allow remote authenticated administrators to inject arbitrary web script or HTML via custom content type names."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary web script or HTML via \"some server variables,\" including PHP_SELF; and (2) allow remote authenticated administrators to inject arbitrary web script or HTML via custom content type names."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://drupal.org/files/sa-2007-018/advisory.txt",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/files/sa-2007-018/advisory.txt"
"name": "ADV-2007-2697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2697"
},
{
"name" : "25097",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25097"
"name": "http://drupal.org/files/sa-2007-018/advisory.txt",
"refsource": "CONFIRM",
"url": "http://drupal.org/files/sa-2007-018/advisory.txt"
},
{
"name" : "ADV-2007-2697",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2697"
"name": "25097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25097"
},
{
"name" : "26224",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26224"
"name": "26224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26224"
},
{
"name" : "drupal-contenttype-xss(35637)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35637"
"name": "drupal-contenttype-xss(35637)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35637"
},
{
"name" : "drupal-servervariable-xss(35638)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35638"
"name": "drupal-servervariable-xss(35638)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35638"
}
]
}

62
2007/4xxx/CVE-2007-4507.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4507",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4507",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions."
"lang": "eng",
"value": "Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "4304",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4304"
"name": "4304",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4304"
}
]
}

98
2007/4xxx/CVE-2007-4837.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4837",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4837",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter."
"lang": "eng",
"value": "SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070909 Proxy Anket v3.0.1 Sql injection Vulnerable",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/478971/100/0/threaded"
"name": "proxyanklet-anket-sql-injection(36515)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36515"
},
{
"name" : "http://yollubunlar.org/proxy-anket-v301-sql-injection-vulnerable-3502.html",
"refsource" : "MISC",
"url" : "http://yollubunlar.org/proxy-anket-v301-sql-injection-vulnerable-3502.html"
"name": "http://yollubunlar.org/proxy-anket-v301-sql-injection-vulnerable-3502.html",
"refsource": "MISC",
"url": "http://yollubunlar.org/proxy-anket-v301-sql-injection-vulnerable-3502.html"
},
{
"name" : "25613",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25613"
"name": "25613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25613"
},
{
"name" : "36939",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36939"
"name": "3121",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3121"
},
{
"name" : "26735",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26735"
"name": "20070909 Proxy Anket v3.0.1 Sql injection Vulnerable",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/478971/100/0/threaded"
},
{
"name" : "3121",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3121"
"name": "26735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26735"
},
{
"name" : "proxyanklet-anket-sql-injection(36515)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36515"
"name": "36939",
"refsource": "OSVDB",
"url": "http://osvdb.org/36939"
}
]
}

98
2007/6xxx/CVE-2007-6416.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6416",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6416",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations."
"lang": "eng",
"value": "The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7"
"name": "28643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28643"
},
{
"name" : "RHSA-2008:0089",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0089.html"
"name": "oval:org.mitre.oval:def:9840",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9840"
},
{
"name" : "26954",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26954"
"name": "http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7",
"refsource": "CONFIRM",
"url": "http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7"
},
{
"name" : "41344",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/41344"
"name": "26954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26954"
},
{
"name" : "oval:org.mitre.oval:def:9840",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9840"
"name": "28146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28146"
},
{
"name" : "28146",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28146"
"name": "41344",
"refsource": "OSVDB",
"url": "http://osvdb.org/41344"
},
{
"name" : "28643",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28643"
"name": "RHSA-2008:0089",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0089.html"
}
]
}

74
2007/6xxx/CVE-2007-6458.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6458",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6458",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php."
"lang": "eng",
"value": "SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "4733",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4733"
"name": "4733",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4733"
},
{
"name" : "26890",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26890"
"name": "26890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26890"
},
{
"name" : "43706",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/43706"
"name": "43706",
"refsource": "OSVDB",
"url": "http://osvdb.org/43706"
}
]
}

74
2010/5xxx/CVE-2010-5052.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5052",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5052",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20100525 XSS vulnerability in GetSimple CMS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511458/100/0/threaded"
"name": "20100525 XSS vulnerability in GetSimple CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511458/100/0/threaded"
},
{
"name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_getsimple_cms.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_getsimple_cms.html"
"name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_getsimple_cms.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_getsimple_cms.html"
},
{
"name" : "40374",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40374"
"name": "40374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40374"
}
]
}

62
2010/5xxx/CVE-2010-5143.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5143",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5143",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module."
"lang": "eng",
"value": "McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10014",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10014"
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10014",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10014"
}
]
}

134
2014/1xxx/CVE-2014-1582.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1582",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1582",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority."
"lang": "eng",
"value": "The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-80.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-80.html"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1049095",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1049095"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1049095",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1049095"
"name": "openSUSE-SU-2014:1344",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
"name": "FEDORA-2014-13042",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html"
},
{
"name" : "FEDORA-2014-13042",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html"
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-80.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-80.html"
},
{
"name" : "FEDORA-2014-14084",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html"
"name": "1031028",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031028"
},
{
"name" : "GLSA-201504-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-01"
"name": "openSUSE-SU-2014:1345",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html"
},
{
"name" : "openSUSE-SU-2014:1344",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html"
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name" : "openSUSE-SU-2014:1345",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html"
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "USN-2372-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2372-1"
"name": "FEDORA-2014-14084",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html"
},
{
"name" : "70432",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70432"
"name": "USN-2372-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2372-1"
},
{
"name" : "1031028",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031028"
"name": "62022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62022"
},
{
"name" : "62022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62022"
"name": "62023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62023"
},
{
"name" : "62023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62023"
"name": "70432",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70432"
}
]
}

22
2014/1xxx/CVE-2014-1712.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1712",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1712",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2014/1xxx/CVE-2014-1857.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1857",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1857",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

86
2014/5xxx/CVE-2014-5298.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5298",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5298",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program."
"lang": "eng",
"value": "FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20140923 [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533514/100/0/threaded"
"name": "http://packetstormsecurity.com/files/128353/X2Engine-4.1.7-Unrestricted-File-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128353/X2Engine-4.1.7-Unrestricted-File-Upload.html"
},
{
"name" : "20140923 [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Sep/78"
"name": "20140923 [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/78"
},
{
"name" : "http://karmainsecurity.com/KIS-2014-10",
"refsource" : "MISC",
"url" : "http://karmainsecurity.com/KIS-2014-10"
"name": "20140923 [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533514/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/128353/X2Engine-4.1.7-Unrestricted-File-Upload.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128353/X2Engine-4.1.7-Unrestricted-File-Upload.html"
"name": "http://karmainsecurity.com/KIS-2014-10",
"refsource": "MISC",
"url": "http://karmainsecurity.com/KIS-2014-10"
},
{
"name" : "https://github.com/X2Engine/X2Engine/blob/master/CHANGELOG.md",
"refsource" : "CONFIRM",
"url" : "https://github.com/X2Engine/X2Engine/blob/master/CHANGELOG.md"
"name": "https://github.com/X2Engine/X2Engine/blob/master/CHANGELOG.md",
"refsource": "CONFIRM",
"url": "https://github.com/X2Engine/X2Engine/blob/master/CHANGELOG.md"
}
]
}

22
2014/5xxx/CVE-2014-5476.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5476",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5476",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

98
2015/2xxx/CVE-2015-2035.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2035",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2035",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php."
"lang": "eng",
"value": "SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20150218 Reflecting XSS- and SQL injection-vulnerabilities in the administrative backend of Piwigo <= v. 2.7.3",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Feb/73"
"name": "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-06.html",
"refsource": "MISC",
"url": "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-06.html"
},
{
"name" : "http://packetstormsecurity.com/files/130432/CMS-Piwigo-2.7.3-Cross-Site-Scripting-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130432/CMS-Piwigo-2.7.3-Cross-Site-Scripting-SQL-Injection.html"
"name": "20150218 Reflecting XSS- and SQL injection-vulnerabilities in the administrative backend of Piwigo <= v. 2.7.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Feb/73"
},
{
"name" : "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-06.html",
"refsource" : "MISC",
"url" : "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-06.html"
"name": "http://packetstormsecurity.com/files/130432/CMS-Piwigo-2.7.3-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130432/CMS-Piwigo-2.7.3-Cross-Site-Scripting-SQL-Injection.html"
},
{
"name" : "http://sroesemann.blogspot.de/2015/02/report-for-advisory-sroeadv-2015-06.html",
"refsource" : "MISC",
"url" : "http://sroesemann.blogspot.de/2015/02/report-for-advisory-sroeadv-2015-06.html"
"name": "http://piwigo.org/releases/2.7.4",
"refsource": "CONFIRM",
"url": "http://piwigo.org/releases/2.7.4"
},
{
"name" : "http://piwigo.org/forum/viewtopic.php?id=25179",
"refsource" : "CONFIRM",
"url" : "http://piwigo.org/forum/viewtopic.php?id=25179"
"name": "http://piwigo.org/forum/viewtopic.php?id=25179",
"refsource": "CONFIRM",
"url": "http://piwigo.org/forum/viewtopic.php?id=25179"
},
{
"name" : "http://piwigo.org/releases/2.7.4",
"refsource" : "CONFIRM",
"url" : "http://piwigo.org/releases/2.7.4"
"name": "72689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72689"
},
{
"name" : "72689",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72689"
"name": "http://sroesemann.blogspot.de/2015/02/report-for-advisory-sroeadv-2015-06.html",
"refsource": "MISC",
"url": "http://sroesemann.blogspot.de/2015/02/report-for-advisory-sroeadv-2015-06.html"
}
]
}

86
2015/2xxx/CVE-2015-2070.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2070",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2070",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed."
"lang": "eng",
"value": "SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "36089",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/36089"
"name": "http://packetstormsecurity.com/files/130386/eTouch-Samepage-4.4.0.0.239-SQL-Injection-File-Read.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130386/eTouch-Samepage-4.4.0.0.239-SQL-Injection-File-Read.html"
},
{
"name" : "20150213 eTouch SamePage v4.4.0.0.239 multiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Feb/47"
"name": "118356",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/118356"
},
{
"name" : "http://packetstormsecurity.com/files/130386/eTouch-Samepage-4.4.0.0.239-SQL-Injection-File-Read.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130386/eTouch-Samepage-4.4.0.0.239-SQL-Injection-File-Read.html"
"name": "36089",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/36089"
},
{
"name" : "74883",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74883"
"name": "20150213 eTouch SamePage v4.4.0.0.239 multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Feb/47"
},
{
"name" : "118356",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/118356"
"name": "74883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74883"
}
]
}

68
2015/2xxx/CVE-2015-2096.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2096",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2096",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the Connect function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via an invalid IP address and a page reload."
"lang": "eng",
"value": "Use-after-free vulnerability in the Connect function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via an invalid IP address and a page reload."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-069/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-069/"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-069/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-069/"
},
{
"name" : "72849",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72849"
"name": "72849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72849"
}
]
}

80
2015/2xxx/CVE-2015-2272.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2272",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2272",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token."
"lang": "eng",
"value": "login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20150316 Moodle security issues are now public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2015/03/16/1"
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691"
"name": "https://moodle.org/mod/forum/discuss.php?d=307386",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=307386"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=307386",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=307386"
"name": "73166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73166"
},
{
"name" : "73166",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73166"
"name": "[oss-security] 20150316 Moodle security issues are now public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/03/16/1"
}
]
}

116
2015/6xxx/CVE-2015-6251.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6251",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-6251",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate."
"lang": "eng",
"value": "Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20150810 CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/08/10/1"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1251902",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251902"
},
{
"name" : "[oss-security] 20150817 Re: CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/08/17/6"
"name": "openSUSE-SU-2015:1499",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html"
},
{
"name" : "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3",
"refsource" : "CONFIRM",
"url" : "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3"
"name": "1033226",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033226"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1251902",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1251902"
"name": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3",
"refsource": "CONFIRM",
"url": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3"
},
{
"name" : "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12",
"refsource" : "CONFIRM",
"url" : "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12"
"name": "[oss-security] 20150810 CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/10/1"
},
{
"name" : "DSA-3334",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3334"
"name": "76267",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76267"
},
{
"name" : "FEDORA-2015-13287",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html"
"name": "FEDORA-2015-13287",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html"
},
{
"name" : "openSUSE-SU-2015:1499",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html"
"name": "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12"
},
{
"name" : "76267",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76267"
"name": "[oss-security] 20150817 Re: CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/17/6"
},
{
"name" : "1033226",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033226"
"name": "DSA-3334",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3334"
}
]
}

68
2015/6xxx/CVE-2015-6266.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6266",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6266",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045."
"lang": "eng",
"value": "The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20150827 Cisco Identity Services Engine Guest Portal Unauthorized Access Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40691"
"name": "20150827 Cisco Identity Services Engine Guest Portal Unauthorized Access Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40691"
},
{
"name" : "1033405",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033405"
"name": "1033405",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033405"
}
]
}

68
2015/6xxx/CVE-2015-6395.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6395",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6395",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188."
"lang": "eng",
"value": "Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20151207 Cisco Prime Service Catalog Web Interface Unauthorized Access Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151207-psc"
"name": "20151207 Cisco Prime Service Catalog Web Interface Unauthorized Access Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151207-psc"
},
{
"name" : "1034313",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034313"
"name": "1034313",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034313"
}
]
}

62
2015/6xxx/CVE-2015-6959.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6959",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6959",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Vindula 1.9."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Vindula 1.9."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.youtube.com/watch?v=-WXWqNBEQQc",
"refsource" : "MISC",
"url" : "https://www.youtube.com/watch?v=-WXWqNBEQQc"
"name": "https://www.youtube.com/watch?v=-WXWqNBEQQc",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=-WXWqNBEQQc"
}
]
}

92
2016/0xxx/CVE-2016-0709.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-0709",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0709",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by \"../../webapps/x.jsp.\""
"lang": "eng",
"value": "Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by \"../../webapps/x.jsp.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "39643",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39643/"
"name": "39643",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39643/"
},
{
"name" : "[portals-jetspeed-user] 20160303 [CVE-2016-0709] Apache Jetspeed information disclosure vulnerability",
"refsource" : "MLIST",
"url" : "https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C281D02D0-6A03-4421-9D86-E73B001C8677@bluesunrise.com%3E"
"name": "https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0709",
"refsource": "CONFIRM",
"url": "https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0709"
},
{
"name" : "http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and",
"refsource" : "MISC",
"url" : "http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and"
"name": "[portals-jetspeed-user] 20160303 [CVE-2016-0709] Apache Jetspeed information disclosure vulnerability",
"refsource": "MLIST",
"url": "https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C281D02D0-6A03-4421-9D86-E73B001C8677@bluesunrise.com%3E"
},
{
"name" : "http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html"
"name": "http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and",
"refsource": "MISC",
"url": "http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and"
},
{
"name" : "http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload",
"refsource" : "MISC",
"url" : "http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload"
"name": "http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload"
},
{
"name" : "https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0709",
"refsource" : "CONFIRM",
"url" : "https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0709"
"name": "http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html"
}
]
}

22
2016/1000xxx/CVE-2016-1000244.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1000244",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000244",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

80
2016/10xxx/CVE-2016-10053.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10053",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10053",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file."
"lang": "eng",
"value": "The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/26/9"
"name": "https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1410461",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1410461"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1410461",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410461"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5"
"name": "95179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95179"
},
{
"name" : "95179",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95179"
"name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/26/9"
}
]
}

80
2016/10xxx/CVE-2016-10172.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10172",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10172",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file."
"lang": "eng",
"value": "The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20170128 Re: wavpack: multiple out of bounds memory reads",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/28/9"
"name": "95883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95883"
},
{
"name" : "https://sourceforge.net/p/wavpack/mailman/message/35561951/",
"refsource" : "MISC",
"url" : "https://sourceforge.net/p/wavpack/mailman/message/35561951/"
"name": "https://sourceforge.net/p/wavpack/mailman/message/35561951/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/wavpack/mailman/message/35561951/"
},
{
"name" : "https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc",
"refsource" : "CONFIRM",
"url" : "https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc"
"name": "[oss-security] 20170128 Re: wavpack: multiple out of bounds memory reads",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/28/9"
},
{
"name" : "95883",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95883"
"name": "https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc",
"refsource": "CONFIRM",
"url": "https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc"
}
]
}

22
2016/10xxx/CVE-2016-10465.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10465",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10465",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2016/4xxx/CVE-2016-4061.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4061",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4061",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream."
"lang": "eng",
"value": "Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name" : "90504",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90504"
"name": "90504",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90504"
}
]
}

80
2016/4xxx/CVE-2016-4083.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4083",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4083",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
"lang": "eng",
"value": "epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2016-27.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2016-27.html"
"name": "1035685",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035685"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12341",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12341"
"name": "http://www.wireshark.org/security/wnpa-sec-2016-27.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2016-27.html"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66417b17b3570b163a16ca81f71ce5bcb10548d2",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66417b17b3570b163a16ca81f71ce5bcb10548d2"
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66417b17b3570b163a16ca81f71ce5bcb10548d2",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66417b17b3570b163a16ca81f71ce5bcb10548d2"
},
{
"name" : "1035685",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035685"
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12341",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12341"
}
]
}

92
2016/4xxx/CVE-2016-4271.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4271",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4271",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-2016-4278, aka a \"local-with-filesystem Flash sandbox bypass\" issue."
"lang": "eng",
"value": "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-2016-4278, aka a \"local-with-filesystem Flash sandbox bypass\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://lab.truel.it/flash-sandbox-bypass/",
"refsource" : "MISC",
"url" : "http://lab.truel.it/flash-sandbox-bypass/"
"name": "GLSA-201610-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-10"
},
{
"name" : "https://blog.bjornweb.nl/2017/02/flash-bypassing-local-sandbox-data-exfiltration-credentials-leak/",
"refsource" : "MISC",
"url" : "https://blog.bjornweb.nl/2017/02/flash-bypassing-local-sandbox-data-exfiltration-credentials-leak/"
"name": "http://lab.truel.it/flash-sandbox-bypass/",
"refsource": "MISC",
"url": "http://lab.truel.it/flash-sandbox-bypass/"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html"
"name": "https://blog.bjornweb.nl/2017/02/flash-bypassing-local-sandbox-data-exfiltration-credentials-leak/",
"refsource": "MISC",
"url": "https://blog.bjornweb.nl/2017/02/flash-bypassing-local-sandbox-data-exfiltration-credentials-leak/"
},
{
"name" : "GLSA-201610-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201610-10"
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html"
},
{
"name" : "RHSA-2016:1865",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1865.html"
"name": "RHSA-2016:1865",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1865.html"
},
{
"name" : "1036791",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036791"
"name": "1036791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036791"
}
]
}

86
2016/4xxx/CVE-2016-4316.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4316",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-4316",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20160813 WSO2 CARBON v4.4.5 PERSISTENT XSS COOKIE THEFT",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/539201/100/0/threaded"
"name": "http://packetstormsecurity.com/files/138331/WSO2-Carbon-4.4.5-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138331/WSO2-Carbon-4.4.5-Cross-Site-Scripting.html"
},
{
"name" : "40241",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40241/"
"name": "92473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92473"
},
{
"name" : "http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt",
"refsource" : "MISC",
"url" : "http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt"
"name": "20160813 WSO2 CARBON v4.4.5 PERSISTENT XSS COOKIE THEFT",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539201/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/138331/WSO2-Carbon-4.4.5-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/138331/WSO2-Carbon-4.4.5-Cross-Site-Scripting.html"
"name": "40241",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40241/"
},
{
"name" : "92473",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92473"
"name": "http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt"
}
]
}

80
2016/4xxx/CVE-2016-4706.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-4706",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-4706",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors."
"lang": "eng",
"value": "cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.apple.com/HT207170",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207170"
"name": "1036858",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036858"
},
{
"name" : "APPLE-SA-2016-09-20",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
"name": "APPLE-SA-2016-09-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
},
{
"name" : "93055",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93055"
"name": "93055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93055"
},
{
"name" : "1036858",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036858"
"name": "https://support.apple.com/HT207170",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207170"
}
]
}

134
2016/4xxx/CVE-2016-4957.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4957",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4957",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547."
"lang": "eng",
"value": "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://bugs.ntp.org/3046",
"refsource" : "CONFIRM",
"url" : "http://bugs.ntp.org/3046"
"name": "SUSE-SU-2016:1602",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"name" : "http://support.ntp.org/bin/view/Main/NtpBug3046",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/NtpBug3046"
"name": "openSUSE-SU-2016:1583",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"name" : "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/SecurityNotice"
"name": "FreeBSD-SA-16:24",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
"name": "http://bugs.ntp.org/3046",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/3046"
},
{
"name" : "FreeBSD-SA-16:24",
"refsource" : "FREEBSD",
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
"name": "1036037",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036037"
},
{
"name" : "GLSA-201607-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201607-15"
"name": "SUSE-SU-2016:1584",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"name" : "SUSE-SU-2016:1563",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "SUSE-SU-2016:1584",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
"name": "VU#321640",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"name" : "SUSE-SU-2016:1602",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name" : "openSUSE-SU-2016:1583",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
"name": "openSUSE-SU-2016:1636",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"name" : "openSUSE-SU-2016:1636",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
"name": "http://support.ntp.org/bin/view/Main/NtpBug3046",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
},
{
"name" : "VU#321640",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/321640"
"name": "SUSE-SU-2016:1563",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"name" : "1036037",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036037"
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
}
]
}

92
2016/8xxx/CVE-2016-8863.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8863",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8863",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request."
"lang": "eng",
"value": "Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.tenable.com/security/research/tra-2017-10",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2017-10"
"name": "https://sourceforge.net/p/pupnp/bugs/133/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/pupnp/bugs/133/"
},
{
"name" : "https://sourceforge.net/p/pupnp/bugs/133/",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/pupnp/bugs/133/"
"name": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"
},
{
"name" : "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"
"name": "GLSA-201701-52",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-52"
},
{
"name" : "DSA-3736",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2016/dsa-3736"
"name": "DSA-3736",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3736"
},
{
"name" : "GLSA-201701-52",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-52"
"name": "https://www.tenable.com/security/research/tra-2017-10",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-10"
},
{
"name" : "92849",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92849"
"name": "92849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92849"
}
]
}

22
2016/9xxx/CVE-2016-9144.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9144",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9144",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}

22
2016/9xxx/CVE-2016-9161.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9161",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9161",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}

92
2016/9xxx/CVE-2016-9178.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9178",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9178",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call."
"lang": "eng",
"value": "The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20161104 Re: kernel: fix minor infoleak in get_user_ex()",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/11/04/4"
"name": "https://github.com/torvalds/linux/commit/1c109fabbd51863475cd12ac206bdd249aee35af",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/1c109fabbd51863475cd12ac206bdd249aee35af"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5"
"name": "[oss-security] 20161104 Re: kernel: fix minor infoleak in get_user_ex()",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/04/4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1391908",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1391908"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1391908",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391908"
},
{
"name" : "https://github.com/torvalds/linux/commit/1c109fabbd51863475cd12ac206bdd249aee35af",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/1c109fabbd51863475cd12ac206bdd249aee35af"
"name": "94144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94144"
},
{
"name" : "94144",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94144"
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5"
}
]
}

22
2016/9xxx/CVE-2016-9785.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9785",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9785",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}

22
2019/2xxx/CVE-2019-2134.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2134",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2134",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

78
2019/2xxx/CVE-2019-2404.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2404",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2404",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "PeopleSoft Enterprise PT PeopleTools",
"version" : {
"version_data" : [
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "8.55"
"version_affected": "=",
"version_value": "8.55"
},
{
"version_affected" : "=",
"version_value" : "8.56"
"version_affected": "=",
"version_value": "8.56"
},
{
"version_affected" : "=",
"version_value" : "8.57"
"version_affected": "=",
"version_value": "8.57"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106592",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106592"
"name": "106592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106592"
}
]
}

22
2019/2xxx/CVE-2019-2714.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2714",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2714",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/3xxx/CVE-2019-3270.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3270",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3270",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/3xxx/CVE-2019-3419.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3419",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3419",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/3xxx/CVE-2019-3686.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3686",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3686",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/3xxx/CVE-2019-3846.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3846",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3846",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/6xxx/CVE-2019-6662.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6662",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6662",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/6xxx/CVE-2019-6817.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6817",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6817",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/6xxx/CVE-2019-6922.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6922",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6922",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/7xxx/CVE-2019-7013.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7013",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7013",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/7xxx/CVE-2019-7030.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7030",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7030",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2019/7xxx/CVE-2019-7168.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7168",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7168",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog."
"lang": "eng",
"value": "A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/croogo/croogo/issues/886",
"refsource" : "MISC",
"url" : "https://github.com/croogo/croogo/issues/886"
"name": "https://github.com/croogo/croogo/issues/886",
"refsource": "MISC",
"url": "https://github.com/croogo/croogo/issues/886"
}
]
}

22
2019/7xxx/CVE-2019-7490.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7490",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7490",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/8xxx/CVE-2019-8106.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8106",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8106",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/8xxx/CVE-2019-8161.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8161",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8161",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/8xxx/CVE-2019-8677.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8677",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8677",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}