admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:22:26 +00:00
parent a621b68d38
commit bf90c0abbd
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 3738 additions and 3738 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

220
2007/0xxx/CVE-2007-0134.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0134",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070105 IG Shop remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/456043/100/0/threaded"
},
{
"name" : "20070619 iG Shop 1.4 eval Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/471722/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt"
},
{
"name" : "3083",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3083"
},
{
"name" : "20070618 Dup: iG Shop 1.4 (page.php) Remote Code Execution Exploit",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-June/001664.html"
},
{
"name" : "21875",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21875"
},
{
"name" : "ADV-2007-0056",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0056"
},
{
"name" : "33387",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33387"
},
{
"name" : "33388",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33388"
},
{
"name" : "23604",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23604"
},
{
"name" : "igshop-cartpage-code-execution(31301)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31301"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21875"
},
{
"name": "3083",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3083"
},
{
"name": "33388",
"refsource": "OSVDB",
"url": "http://osvdb.org/33388"
},
{
"name": "33387",
"refsource": "OSVDB",
"url": "http://osvdb.org/33387"
},
{
"name": "20070619 iG Shop 1.4 eval Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471722/100/0/threaded"
},
{
"name": "23604",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23604"
},
{
"name": "20070105 IG Shop remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456043/100/0/threaded"
},
{
"name": "ADV-2007-0056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0056"
},
{
"name": "igshop-cartpage-code-execution(31301)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31301"
},
{
"name": "20070618 Dup: iG Shop 1.4 (page.php) Remote Code Execution Exploit",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-June/001664.html"
},
{
"name": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt"
}
]
}
}

190
2007/0xxx/CVE-2007-0284.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
},
{
"name" : "TA07-017A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"
},
{
"name" : "22083",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22083"
},
{
"name" : "32897",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32897"
},
{
"name" : "32898",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32898"
},
{
"name" : "1017522",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017522"
},
{
"name" : "23794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23794"
},
{
"name" : "oracle-cpu-jan2007(31541)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32897",
"refsource": "OSVDB",
"url": "http://osvdb.org/32897"
},
{
"name": "32898",
"refsource": "OSVDB",
"url": "http://osvdb.org/32898"
},
{
"name": "23794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23794"
},
{
"name": "22083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22083"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
},
{
"name": "TA07-017A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"
},
{
"name": "oracle-cpu-jan2007(31541)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"
},
{
"name": "1017522",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017522"
}
]
}
}

150
2007/0xxx/CVE-2007-0361.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0361",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3145",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3145"
},
{
"name" : "22099",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22099"
},
{
"name" : "ADV-2007-0231",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0231"
},
{
"name" : "phpmyphorum-frame-file-include(31552)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0231",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0231"
},
{
"name": "22099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22099"
},
{
"name": "3145",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3145"
},
{
"name": "phpmyphorum-frame-file-include(31552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31552"
}
]
}
}

170
2007/0xxx/CVE-2007-0631.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0631",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3227",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3227"
},
{
"name" : "22314",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22314"
},
{
"name" : "ADV-2007-0424",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0424"
},
{
"name" : "31675",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/31675"
},
{
"name" : "23965",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23965"
},
{
"name" : "cascadianfaq-index-sql-injection(31968)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cascadianfaq-index-sql-injection(31968)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31968"
},
{
"name": "3227",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3227"
},
{
"name": "ADV-2007-0424",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0424"
},
{
"name": "23965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23965"
},
{
"name": "31675",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31675"
},
{
"name": "22314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22314"
}
]
}
}

180
2007/0xxx/CVE-2007-0878.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0878",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an \"overflow state.\" NOTE: it is possible that this issue is related to CVE-2007-0685."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070209 Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/459571/100/0/threaded"
},
{
"name" : "20070209 RE: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/459591/100/0/threaded"
},
{
"name" : "20070209 Re: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/459584/100/0/threaded"
},
{
"name" : "20070209 Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052293.html"
},
{
"name" : "22500",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22500"
},
{
"name" : "32629",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32629"
},
{
"name" : "ie-mobile-wml-dos(32394)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32394"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an \"overflow state.\" NOTE: it is possible that this issue is related to CVE-2007-0685."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070209 Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052293.html"
},
{
"name": "20070209 Re: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459584/100/0/threaded"
},
{
"name": "20070209 RE: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459591/100/0/threaded"
},
{
"name": "22500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22500"
},
{
"name": "20070209 Denial Of Service in Internet Explorer for MS Windows Mobile 5.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459571/100/0/threaded"
},
{
"name": "32629",
"refsource": "OSVDB",
"url": "http://osvdb.org/32629"
},
{
"name": "ie-mobile-wml-dos(32394)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32394"
}
]
}
}

230
2007/1xxx/CVE-2007-1171.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070220 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/460628/100/0/threaded"
},
{
"name" : "20070925 [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/480575/100/0/threaded"
},
{
"name" : "20070928 Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/480994/100/0/threaded"
},
{
"name" : "http://www.waraxe.us/advisory-53.html",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/advisory-53.html"
},
{
"name" : "http://www.nukescripts.net/index.php?op=NEArticle&sid=4076",
"refsource" : "CONFIRM",
"url" : "http://www.nukescripts.net/index.php?op=NEArticle&sid=4076"
},
{
"name" : "3337",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3337"
},
{
"name" : "20070928 CVE-2007-5125 - dupe",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-September/001806.html"
},
{
"name" : "22629",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22629"
},
{
"name" : "25805",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25805"
},
{
"name" : "26954",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26954"
},
{
"name" : "2344",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2344"
},
{
"name" : "nukesentinel-nsbypass-sql-injection(32582)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32582"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-53.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-53.html"
},
{
"name": "nukesentinel-nsbypass-sql-injection(32582)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32582"
},
{
"name": "22629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22629"
},
{
"name": "http://www.nukescripts.net/index.php?op=NEArticle&sid=4076",
"refsource": "CONFIRM",
"url": "http://www.nukescripts.net/index.php?op=NEArticle&sid=4076"
},
{
"name": "20070928 CVE-2007-5125 - dupe",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-September/001806.html"
},
{
"name": "3337",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3337"
},
{
"name": "2344",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2344"
},
{
"name": "20070928 Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480994/100/0/threaded"
},
{
"name": "20070220 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460628/100/0/threaded"
},
{
"name": "20070925 [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480575/100/0/threaded"
},
{
"name": "25805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25805"
},
{
"name": "26954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26954"
}
]
}
}

180
2007/1xxx/CVE-2007-1453.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1453",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.php-security.org/MOPB/MOPB-19-2007.html",
"refsource" : "MISC",
"url" : "http://www.php-security.org/MOPB/MOPB-19-2007.html"
},
{
"name" : "http://www.php.net/releases/5_2_1.php",
"refsource" : "MISC",
"url" : "http://www.php.net/releases/5_2_1.php"
},
{
"name" : "DSA-1283",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1283"
},
{
"name" : "SUSE-SA:2007:032",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_32_php.html"
},
{
"name" : "22922",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22922"
},
{
"name" : "25062",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25062"
},
{
"name" : "25056",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25056"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25056",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25056"
},
{
"name": "DSA-1283",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1283"
},
{
"name": "http://www.php.net/releases/5_2_1.php",
"refsource": "MISC",
"url": "http://www.php.net/releases/5_2_1.php"
},
{
"name": "22922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22922"
},
{
"name": "http://www.php-security.org/MOPB/MOPB-19-2007.html",
"refsource": "MISC",
"url": "http://www.php-security.org/MOPB/MOPB-19-2007.html"
},
{
"name": "25062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25062"
},
{
"name": "SUSE-SA:2007:032",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
}
]
}
}

200
2007/1xxx/CVE-2007-1578.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070320 Mercur SP4 IMAPD",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0280.html"
},
{
"name" : "3527",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3527"
},
{
"name" : "http://www.digit-labs.org/files/exploits/mercur-v1.pl",
"refsource" : "MISC",
"url" : "http://www.digit-labs.org/files/exploits/mercur-v1.pl"
},
{
"name" : "23058",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23058"
},
{
"name" : "ADV-2007-1053",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1053"
},
{
"name" : "33545",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/33545"
},
{
"name" : "1017798",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017798"
},
{
"name" : "24596",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24596"
},
{
"name" : "mercur-imap-ntlm-bo(33120)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33120"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mercur-imap-ntlm-bo(33120)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33120"
},
{
"name": "http://www.digit-labs.org/files/exploits/mercur-v1.pl",
"refsource": "MISC",
"url": "http://www.digit-labs.org/files/exploits/mercur-v1.pl"
},
{
"name": "3527",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3527"
},
{
"name": "ADV-2007-1053",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1053"
},
{
"name": "1017798",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017798"
},
{
"name": "33545",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/33545"
},
{
"name": "20070320 Mercur SP4 IMAPD",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0280.html"
},
{
"name": "23058",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23058"
},
{
"name": "24596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24596"
}
]
}
}

200
2007/1xxx/CVE-2007-1792.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1792",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of \"PE-Shield v0.2\" and \"ASPack v1.00-1.08.02\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-1792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070628 Secunia Research: Symantec Mail Security for SMTP Boundary Errors",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/472440/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2007-48/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2007-48/advisory/"
},
{
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.06.26.html",
"refsource" : "CONFIRM",
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.06.26.html"
},
{
"name" : "24625",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24625"
},
{
"name" : "ADV-2007-2335",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2335"
},
{
"name" : "36110",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36110"
},
{
"name" : "1018301",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018301"
},
{
"name" : "24632",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24632"
},
{
"name" : "symantec-mailsecurity-attachment-dos(35105)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35105"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of \"PE-Shield v0.2\" and \"ASPack v1.00-1.08.02\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24632"
},
{
"name": "symantec-mailsecurity-attachment-dos(35105)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35105"
},
{
"name": "ADV-2007-2335",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2335"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.06.26.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.06.26.html"
},
{
"name": "http://secunia.com/secunia_research/2007-48/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-48/advisory/"
},
{
"name": "1018301",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018301"
},
{
"name": "20070628 Secunia Research: Symantec Mail Security for SMTP Boundary Errors",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472440/100/0/threaded"
},
{
"name": "36110",
"refsource": "OSVDB",
"url": "http://osvdb.org/36110"
},
{
"name": "24625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24625"
}
]
}
}

170
2007/1xxx/CVE-2007-1945.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1945",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951#6107",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951#6107"
},
{
"name" : "PK36447",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK36447&apar=only"
},
{
"name" : "ADV-2007-1282",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1282"
},
{
"name" : "41605",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/41605"
},
{
"name" : "24852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24852"
},
{
"name" : "websphere-servlet-information-disclosure(33471)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33471"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PK36447",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK36447&apar=only"
},
{
"name": "41605",
"refsource": "OSVDB",
"url": "http://osvdb.org/41605"
},
{
"name": "24852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24852"
},
{
"name": "ADV-2007-1282",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1282"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951#6107",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951#6107"
},
{
"name": "websphere-servlet-information-disclosure(33471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33471"
}
]
}
}

160
2007/4xxx/CVE-2007-4193.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4193",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to perform certain actions as arbitrary users, as demonstrated by (1) modifying data or (2) canceling a subscription. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070802 DVD Rental System multiple XSS and CSRF vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0020.html"
},
{
"name" : "ADV-2007-2806",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2806"
},
{
"name" : "39523",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39523"
},
{
"name" : "26310",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26310"
},
{
"name" : "drs-index-csrf(35769)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35769"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to perform certain actions as arbitrary users, as demonstrated by (1) modifying data or (2) canceling a subscription. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26310"
},
{
"name": "ADV-2007-2806",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2806"
},
{
"name": "39523",
"refsource": "OSVDB",
"url": "http://osvdb.org/39523"
},
{
"name": "20070802 DVD Rental System multiple XSS and CSRF vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0020.html"
},
{
"name": "drs-index-csrf(35769)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35769"
}
]
}
}

150
2007/4xxx/CVE-2007-4608.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4608",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in protection.php in ePersonnel RC_2004_02 allows remote attackers to execute arbitrary PHP code via a URL in the logout_page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070827 ePersonnel_RC_2004 Remote File Bug",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/477867/100/0/threaded"
},
{
"name" : "38439",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38439"
},
{
"name" : "3077",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3077"
},
{
"name" : "epersonnel-protection-file-include(36279)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36279"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in protection.php in ePersonnel RC_2004_02 allows remote attackers to execute arbitrary PHP code via a URL in the logout_page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "epersonnel-protection-file-include(36279)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36279"
},
{
"name": "38439",
"refsource": "OSVDB",
"url": "http://osvdb.org/38439"
},
{
"name": "20070827 ePersonnel_RC_2004 Remote File Bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477867/100/0/threaded"
},
{
"name": "3077",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3077"
}
]
}
}

210
2007/4xxx/CVE-2007-4680.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4680",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=307041",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=307563",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307563"
},
{
"name" : "APPLE-SA-2007-11-14",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
},
{
"name" : "TA07-319A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"name" : "26444",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26444"
},
{
"name" : "ADV-2007-3868",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name" : "ADV-2008-0920",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0920/references"
},
{
"name" : "1018950",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018950"
},
{
"name" : "27643",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27643"
},
{
"name" : "macosx-cfnetwork-ssl-mitm(38463)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38463"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018950",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018950"
},
{
"name": "26444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "macosx-cfnetwork-ssl-mitm(38463)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38463"
},
{
"name": "APPLE-SA-2007-11-14",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307041",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "ADV-2007-3868",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307563",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307563"
},
{
"name": "27643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27643"
},
{
"name": "ADV-2008-0920",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0920/references"
},
{
"name": "TA07-319A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
}
]
}
}

150
2007/5xxx/CVE-2007-5172.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5172",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://forums.quicksilverforums.com/index.php?a=topic&t=1332",
"refsource" : "CONFIRM",
"url" : "http://forums.quicksilverforums.com/index.php?a=topic&t=1332"
},
{
"name" : "25887",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25887"
},
{
"name" : "26998",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26998"
},
{
"name" : "quicksilver-library-information-disclosure(36891)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36891"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26998"
},
{
"name": "25887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25887"
},
{
"name": "http://forums.quicksilverforums.com/index.php?a=topic&t=1332",
"refsource": "CONFIRM",
"url": "http://forums.quicksilverforums.com/index.php?a=topic&t=1332"
},
{
"name": "quicksilver-library-information-disclosure(36891)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36891"
}
]
}
}

210
2007/5xxx/CVE-2007-5601.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5601",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-5601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.infosecblog.org/2007/10/nasa-bans-ie.html",
"refsource" : "MISC",
"url" : "http://www.infosecblog.org/2007/10/nasa-bans-ie.html"
},
{
"name" : "http://www.symantec.com/enterprise/security_response/weblog/2007/10/realplayer_exploit_on_the_loos.html",
"refsource" : "MISC",
"url" : "http://www.symantec.com/enterprise/security_response/weblog/2007/10/realplayer_exploit_on_the_loos.html"
},
{
"name" : "http://service.real.com/realplayer/security/191007_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/191007_player/en/"
},
{
"name" : "TA07-297A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-297A.html"
},
{
"name" : "VU#871673",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/871673"
},
{
"name" : "26130",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26130"
},
{
"name" : "ADV-2007-3548",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3548"
},
{
"name" : "1018843",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018843"
},
{
"name" : "27248",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27248"
},
{
"name" : "realplayer-activex-bo(37280)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37280"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27248",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27248"
},
{
"name": "VU#871673",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/871673"
},
{
"name": "1018843",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018843"
},
{
"name": "ADV-2007-3548",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3548"
},
{
"name": "http://www.infosecblog.org/2007/10/nasa-bans-ie.html",
"refsource": "MISC",
"url": "http://www.infosecblog.org/2007/10/nasa-bans-ie.html"
},
{
"name": "26130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26130"
},
{
"name": "http://www.symantec.com/enterprise/security_response/weblog/2007/10/realplayer_exploit_on_the_loos.html",
"refsource": "MISC",
"url": "http://www.symantec.com/enterprise/security_response/weblog/2007/10/realplayer_exploit_on_the_loos.html"
},
{
"name": "TA07-297A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-297A.html"
},
{
"name": "http://service.real.com/realplayer/security/191007_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/191007_player/en/"
},
{
"name": "realplayer-activex-bo(37280)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37280"
}
]
}
}

140
2015/2xxx/CVE-2015-2031.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2031",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-2031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21966044",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21966044"
},
{
"name" : "PI44098",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098"
},
{
"name" : "PI44105",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21966044",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966044"
},
{
"name": "PI44105",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105"
},
{
"name": "PI44098",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098"
}
]
}
}

140
2015/2xxx/CVE-2015-2974.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2974",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-2974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://jvn.jp/en/jp/JVN86680970/995636/index.html",
"refsource" : "CONFIRM",
"url" : "http://jvn.jp/en/jp/JVN86680970/995636/index.html"
},
{
"name" : "JVN#86680970",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN86680970/index.html"
},
{
"name" : "JVNDB-2015-000106",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN86680970/995636/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN86680970/995636/index.html"
},
{
"name": "JVNDB-2015-000106",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000106"
},
{
"name": "JVN#86680970",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN86680970/index.html"
}
]
}
}

34
2015/3xxx/CVE-2015-3542.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3542",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3542",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2015/3xxx/CVE-2015-3652.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3652",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3652",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2015/3xxx/CVE-2015-3654.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3654",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt",
"refsource" : "CONFIRM",
"url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt"
},
{
"name" : "100602",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100602"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt"
},
{
"name": "100602",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100602"
}
]
}
}

150
2015/3xxx/CVE-2015-3726.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3726",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-3726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT204941",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT204941"
},
{
"name" : "APPLE-SA-2015-06-30-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"name" : "75490",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75490"
},
{
"name" : "1032761",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032761"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT204941",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204941"
},
{
"name": "1032761",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032761"
},
{
"name": "75490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75490"
},
{
"name": "APPLE-SA-2015-06-30-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
}
]
}
}

150
2015/6xxx/CVE-2015-6099.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka \".NET Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-6099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20151111 Microsoft .NET Framework XSS / Elevation of Privilege CVE-2015-6099",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536875/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/134314/Microsoft-.NET-Framework-XSS-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/134314/Microsoft-.NET-Framework-XSS-Privilege-Escalation.html"
},
{
"name" : "MS15-118",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-118"
},
{
"name" : "1034116",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034116"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka \".NET Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/134314/Microsoft-.NET-Framework-XSS-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134314/Microsoft-.NET-Framework-XSS-Privilege-Escalation.html"
},
{
"name": "MS15-118",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-118"
},
{
"name": "20151111 Microsoft .NET Framework XSS / Elevation of Privilege CVE-2015-6099",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536875/100/0/threaded"
},
{
"name": "1034116",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034116"
}
]
}
}

130
2015/6xxx/CVE-2015-6335.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20151019 Cisco FireSIGHT Management Center Policy Code for VMware Privilege Escalation Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc"
},
{
"name" : "1033873",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033873"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033873",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033873"
},
{
"name": "20151019 Cisco FireSIGHT Management Center Policy Code for VMware Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc"
}
]
}
}

140
2015/6xxx/CVE-2015-6674.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6674",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880"
},
{
"name" : "DSA-3226",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3226"
},
{
"name" : "GLSA-201512-13",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201512-13"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880"
},
{
"name": "GLSA-201512-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-13"
},
{
"name": "DSA-3226",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3226"
}
]
}
}

220
2015/6xxx/CVE-2015-6764.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6764",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-6764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html"
},
{
"name" : "https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc",
"refsource" : "CONFIRM",
"url" : "https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=554946",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=554946"
},
{
"name" : "https://codereview.chromium.org/1440223002",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/1440223002"
},
{
"name" : "DSA-3415",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3415"
},
{
"name" : "GLSA-201603-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-09"
},
{
"name" : "openSUSE-SU-2016:0138",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html"
},
{
"name" : "openSUSE-SU-2015:2290",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html"
},
{
"name" : "openSUSE-SU-2015:2291",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html"
},
{
"name" : "78209",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/78209"
},
{
"name" : "1034298",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034298"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=554946",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=554946"
},
{
"name": "openSUSE-SU-2016:0138",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html"
},
{
"name": "https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc",
"refsource": "CONFIRM",
"url": "https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc"
},
{
"name": "openSUSE-SU-2015:2290",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html"
},
{
"name": "https://codereview.chromium.org/1440223002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1440223002"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "DSA-3415",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3415"
},
{
"name": "78209",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78209"
},
{
"name": "openSUSE-SU-2015:2291",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html"
},
{
"name": "1034298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034298"
}
]
}
}

34
2015/6xxx/CVE-2015-6842.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6842",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6842",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2015/7xxx/CVE-2015-7310.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7310",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10133",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10133"
},
{
"name" : "1033654",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033654"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10133",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10133"
},
{
"name": "1033654",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033654"
}
]
}
}

180
2015/7xxx/CVE-2015-7370.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7370",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026, allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data-file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name" : "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"name" : "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"name" : "http://www.revive-adserver.com/security/revive-sa-2015-001",
"refsource" : "CONFIRM",
"url" : "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name" : "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160627-01-security-notice-for-release-automation.aspx",
"refsource" : "CONFIRM",
"url" : "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160627-01-security-notice-for-release-automation.aspx"
},
{
"name" : "91497",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91497"
},
{
"name" : "1036193",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036193"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026, allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data-file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.revive-adserver.com/security/revive-sa-2015-001",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "1036193",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036193"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "91497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91497"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"name": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"name": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160627-01-security-notice-for-release-automation.aspx",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160627-01-security-notice-for-release-automation.aspx"
}
]
}
}

130
2015/7xxx/CVE-2015-7457.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7457",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21975358",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name" : "PI56432",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56432"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21975358",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI56432",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56432"
}
]
}
}

160
2015/7xxx/CVE-2015-7925.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7925",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-7925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20151224 eWON sa Industrial router - Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Dec/118"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03"
},
{
"name" : "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html"
},
{
"name" : "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01",
"refsource" : "CONFIRM",
"url" : "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01"
},
{
"name" : "79625",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/79625"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20151224 eWON sa Industrial router - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Dec/118"
},
{
"name": "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html"
},
{
"name": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01",
"refsource": "CONFIRM",
"url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03"
},
{
"name": "79625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79625"
}
]
}
}

140
2016/0xxx/CVE-2016-0052.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0052",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0022."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-015",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"name" : "1034975",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034975"
},
{
"name" : "1034976",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034976"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0022."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034976",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034976"
},
{
"name": "MS16-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015"
},
{
"name": "1034975",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034975"
}
]
}
}

140
2016/0xxx/CVE-2016-0201.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-0201",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21974242",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21974242"
},
{
"name" : "80883",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/80883"
},
{
"name" : "1034696",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034696"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21974242",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974242"
},
{
"name": "80883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/80883"
},
{
"name": "1034696",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034696"
}
]
}
}

130
2016/0xxx/CVE-2016-0239.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-0239",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988999",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988999"
},
{
"name" : "93827",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93827"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988999",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988999"
},
{
"name": "93827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93827"
}
]
}
}

120
2016/0xxx/CVE-2016-0877.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0877",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-0877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01"
}
]
}
}

34
2016/1000xxx/CVE-2016-1000361.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1000361",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9848. Reason: This candidate is a reservation duplicate of CVE-2016-9848. Notes: All CVE users should reference CVE-2016-9848 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-1000361",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9848. Reason: This candidate is a reservation duplicate of CVE-2016-9848. Notes: All CVE users should reference CVE-2016-9848 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

150
2016/1xxx/CVE-2016-1047.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1047",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-1047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-295",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-295"
},
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
},
{
"name" : "90512",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90512"
},
{
"name" : "1035828",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035828"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "90512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90512"
},
{
"name": "1035828",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035828"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-295",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-295"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
}
]
}
}

140
2016/4xxx/CVE-2016-4258.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4258",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html"
},
{
"name" : "92928",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92928"
},
{
"name" : "1036793",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036793"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036793",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036793"
},
{
"name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html"
},
{
"name": "92928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92928"
}
]
}
}

270
2016/4xxx/CVE-2016-4555.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160506 CVE Request: Squid HTTP caching proxy",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/06/3"
},
{
"name" : "[oss-security] 20160506 Re: CVE Request: Squid HTTP caching proxy",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/06/5"
},
{
"name" : "http://bugs.squid-cache.org/show_bug.cgi?id=4455",
"refsource" : "CONFIRM",
"url" : "http://bugs.squid-cache.org/show_bug.cgi?id=4455"
},
{
"name" : "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
},
{
"name" : "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch"
},
{
"name" : "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "DSA-3625",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3625"
},
{
"name" : "GLSA-201607-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201607-01"
},
{
"name" : "RHSA-2016:1139",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name" : "RHSA-2016:1140",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name" : "openSUSE-SU-2016:2081",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name" : "SUSE-SU-2016:1996",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name" : "SUSE-SU-2016:2089",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name" : "USN-2995-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name" : "1035770",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035770"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.squid-cache.org/show_bug.cgi?id=4455",
"refsource": "CONFIRM",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4455"
},
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch"
},
{
"name": "USN-2995-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "[oss-security] 20160506 Re: CVE Request: Squid HTTP caching proxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/5"
},
{
"name": "RHSA-2016:1140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "1035770",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035770"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
},
{
"name": "RHSA-2016:1139",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160506 CVE Request: Squid HTTP caching proxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/3"
},
{
"name": "DSA-3625",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3625"
}
]
}
}

210
2016/4xxx/CVE-2016-4772.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-4772",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-4772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207141",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207141"
},
{
"name" : "https://support.apple.com/HT207142",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207142"
},
{
"name" : "https://support.apple.com/HT207143",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207143"
},
{
"name" : "https://support.apple.com/HT207170",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207170"
},
{
"name" : "APPLE-SA-2016-09-20",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
},
{
"name" : "APPLE-SA-2016-09-20-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"
},
{
"name" : "APPLE-SA-2016-09-20-5",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html"
},
{
"name" : "APPLE-SA-2016-09-20-6",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html"
},
{
"name" : "93054",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93054"
},
{
"name" : "1036858",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036858"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207141",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207141"
},
{
"name": "1036858",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036858"
},
{
"name": "APPLE-SA-2016-09-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
},
{
"name": "APPLE-SA-2016-09-20-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"
},
{
"name": "APPLE-SA-2016-09-20-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html"
},
{
"name": "APPLE-SA-2016-09-20-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html"
},
{
"name": "93054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93054"
},
{
"name": "https://support.apple.com/HT207170",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207170"
},
{
"name": "https://support.apple.com/HT207142",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207142"
},
{
"name": "https://support.apple.com/HT207143",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207143"
}
]
}
}

150
2016/4xxx/CVE-2016-4889.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.manageengine.com/products/service-desk/readme-9.0.html",
"refsource" : "CONFIRM",
"url" : "https://www.manageengine.com/products/service-desk/readme-9.0.html"
},
{
"name" : "JVN#89726415",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN89726415/index.html"
},
{
"name" : "JVNDB-2016-000170",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000170.html"
},
{
"name" : "93215",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93215"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000170",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000170.html"
},
{
"name": "https://www.manageengine.com/products/service-desk/readme-9.0.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/service-desk/readme-9.0.html"
},
{
"name": "93215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93215"
},
{
"name": "JVN#89726415",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN89726415/index.html"
}
]
}
}

34
2016/5xxx/CVE-2016-5320.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5320",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-5320",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

180
2016/5xxx/CVE-2016-5412.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-5412",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160728 CVE-2016-5412 Kernel: powerpc: kvm: Infinite loop via H_CEDE hypercall when running under hypervisor-mode",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/28/2"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93d17397e4e2182fdaad503e2f9da46202c0f1c3",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93d17397e4e2182fdaad503e2f9da46202c0f1c3"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f024ee098476a3e620232e4a78cfac505f121245",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f024ee098476a3e620232e4a78cfac505f121245"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1349916",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1349916"
},
{
"name" : "https://github.com/torvalds/linux/commit/93d17397e4e2182fdaad503e2f9da46202c0f1c3",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/93d17397e4e2182fdaad503e2f9da46202c0f1c3"
},
{
"name" : "https://github.com/torvalds/linux/commit/f024ee098476a3e620232e4a78cfac505f121245",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/f024ee098476a3e620232e4a78cfac505f121245"
},
{
"name" : "RHSA-2016:2574",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1349916",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349916"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f024ee098476a3e620232e4a78cfac505f121245",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f024ee098476a3e620232e4a78cfac505f121245"
},
{
"name": "[oss-security] 20160728 CVE-2016-5412 Kernel: powerpc: kvm: Infinite loop via H_CEDE hypercall when running under hypervisor-mode",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/28/2"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93d17397e4e2182fdaad503e2f9da46202c0f1c3",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93d17397e4e2182fdaad503e2f9da46202c0f1c3"
},
{
"name": "RHSA-2016:2574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "https://github.com/torvalds/linux/commit/93d17397e4e2182fdaad503e2f9da46202c0f1c3",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/93d17397e4e2182fdaad503e2f9da46202c0f1c3"
},
{
"name": "https://github.com/torvalds/linux/commit/f024ee098476a3e620232e4a78cfac505f121245",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/f024ee098476a3e620232e4a78cfac505f121245"
}
]
}
}

226
2019/0xxx/CVE-2019-0244.json
View File

@ -1,115 +1,115 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cna@sap.com",
"ID" : "CVE-2019-0244",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SAP CRM WebClient UI (SAPSCORE)",
"version" : {
"version_data" : [
{
"version_name" : "<",
"version_value" : "1.12"
}
]
}
},
{
"product_name" : "SAP CRM WebClient UI (S4FND)",
"version" : {
"version_data" : [
{
"version_name" : "<",
"version_value" : "1.02"
}
]
}
},
{
"product_name" : "SAP CRM WebClient UI (WEBCUIF)",
"version" : {
"version_data" : [
{
"version_name" : "<",
"version_value" : "7.31"
},
{
"version_name" : "<",
"version_value" : "7.46"
},
{
"version_name" : "<",
"version_value" : "7.47"
},
{
"version_name" : "<",
"version_value" : "7.48"
},
{
"version_name" : "<",
"version_value" : "8.0"
},
{
"version_name" : "<",
"version_value" : "8.01"
}
]
}
}
]
},
"vendor_name" : "SAP SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP CRM WebClient UI (SAPSCORE)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "1.12"
}
]
}
},
{
"product_name": "SAP CRM WebClient UI (S4FND)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "1.02"
}
]
}
},
{
"product_name": "SAP CRM WebClient UI (WEBCUIF)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.46"
},
{
"version_name": "<",
"version_value": "7.47"
},
{
"version_name": "<",
"version_value": "7.48"
},
{
"version_name": "<",
"version_value": "8.0"
},
{
"version_name": "<",
"version_value": "8.01"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://launchpad.support.sap.com/#/notes/2588763",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
"refsource" : "MISC",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
},
{
"name" : "106473",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106473"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2588763",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"name": "106473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106473"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
}
]
}
}

34
2019/0xxx/CVE-2019-0380.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0380",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0380",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0451.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0451",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0451",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0798.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0798",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0798",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/3xxx/CVE-2019-3134.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3134",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3134",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/3xxx/CVE-2019-3585.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3585",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3585",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/3xxx/CVE-2019-3690.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3690",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3690",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4064.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4064",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4064",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4508.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4508",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4508",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4717.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4717",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4717",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/7xxx/CVE-2019-7510.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7510",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7510",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/8xxx/CVE-2019-8163.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8163",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8163",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2019/8xxx/CVE-2019-8419.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VNote 2.2 has XSS via a new text note."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/tamlok/vnote/issues/564",
"refsource" : "MISC",
"url" : "https://github.com/tamlok/vnote/issues/564"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VNote 2.2 has XSS via a new text note."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tamlok/vnote/issues/564",
"refsource": "MISC",
"url": "https://github.com/tamlok/vnote/issues/564"
}
]
}
}

34
2019/8xxx/CVE-2019-8845.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8845",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8845",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/8xxx/CVE-2019-8850.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8850",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8850",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/9xxx/CVE-2019-9300.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9300",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9300",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/9xxx/CVE-2019-9302.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9302",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9302",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2019/9xxx/CVE-2019-9598.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9598",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/chshcms/cscms/issues/4",
"refsource" : "MISC",
"url" : "https://github.com/chshcms/cscms/issues/4"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/chshcms/cscms/issues/4",
"refsource": "MISC",
"url": "https://github.com/chshcms/cscms/issues/4"
}
]
}
}

130
2019/9xxx/CVE-2019-9718.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9718",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In FFmpeg 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982",
"refsource" : "MISC",
"url" : "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982"
},
{
"name" : "107382",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107382"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FFmpeg 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982",
"refsource": "MISC",
"url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982"
},
{
"name": "107382",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107382"
}
]
}
}