admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:30:31 +00:00
parent fa647f1506
commit cc78435c9e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
65 changed files with 4256 additions and 4256 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2007/2xxx/CVE-2007-2240.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2007-2240", "ID": "CVE-2007-2240",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649" "lang": "eng",
}, "value": "The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download."
{ }
"name" : "MS07-045", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#570705", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/570705" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25311", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/25311" ]
}, },
{ "references": {
"name" : "ADV-2007-2882", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2882" "name": "ADV-2007-2882",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2882"
"name" : "39555", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/39555" "name": "39555",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/39555"
"name" : "26482", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26482" "name": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649",
}, "refsource": "CONFIRM",
{ "url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649"
"name" : "ibm-lenovo-acprunner-code-execution(36028)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36028" "name": "MS07-045",
} "refsource": "MS",
] "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045"
} },
} {
"name": "26482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26482"
},
{
"name": "ibm-lenovo-acprunner-code-execution(36028)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36028"
},
{
"name": "25311",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25311"
},
{
"name": "VU#570705",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/570705"
}
]
}
}

210
2007/2xxx/CVE-2007-2457.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2457", "ID": "CVE-2007-2457",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070414 Pixaria Gallery 1.0 (class.Smarty.php) Remote File Include Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/465847/100/200/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter."
{ }
"name" : "3733", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/3733" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://pixaria.com/index.history.php", "description": [
"refsource" : "CONFIRM", {
"url" : "http://pixaria.com/index.history.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.pixaria.com/news/article/70/", ]
"refsource" : "CONFIRM", }
"url" : "http://www.pixaria.com/news/article/70/" ]
}, },
{ "references": {
"name" : "http://www.pixaria.com/news/article/71/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.pixaria.com/news/article/71/" "name": "http://www.pixaria.com/news/article/71/",
}, "refsource": "CONFIRM",
{ "url": "http://www.pixaria.com/news/article/71/"
"name" : "23489", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/23489" "name": "3733",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/3733"
"name" : "ADV-2007-1390", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1390" "name": "20070414 Pixaria Gallery 1.0 (class.Smarty.php) Remote File Include Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/465847/100/200/threaded"
"name" : "34976", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/34976" "name": "ADV-2007-1390",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/1390"
"name" : "24821", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24821" "name": "pixaria-classsmarty-file-include(33662)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33662"
"name" : "pixaria-classsmarty-file-include(33662)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33662" "name": "23489",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/23489"
} },
} {
"name": "http://www.pixaria.com/news/article/70/",
"refsource": "CONFIRM",
"url": "http://www.pixaria.com/news/article/70/"
},
{
"name": "24821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24821"
},
{
"name": "http://pixaria.com/index.history.php",
"refsource": "CONFIRM",
"url": "http://pixaria.com/index.history.php"
},
{
"name": "34976",
"refsource": "OSVDB",
"url": "http://osvdb.org/34976"
}
]
}
}

160
2007/3xxx/CVE-2007-3277.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3277", "ID": "CVE-2007-3277",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capabilities via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=516776", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=516776" "lang": "eng",
}, "value": "Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capabilities via unknown vectors."
{ }
"name" : "24508", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24508" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37514", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37514" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25709", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/25709" ]
}, },
{ "references": {
"name" : "wikindx-localization-security-bypass(34922)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34922" "name": "25709",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/25709"
} },
} {
"name": "24508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24508"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=516776",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=516776"
},
{
"name": "37514",
"refsource": "OSVDB",
"url": "http://osvdb.org/37514"
},
{
"name": "wikindx-localization-security-bypass(34922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34922"
}
]
}
}

460
2007/3xxx/CVE-2007-3476.json
View File

@ -1,232 +1,232 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3476", "ID": "CVE-2007-3476",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070907 FLEA-2007-0052-1 gd", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/478796/100/0/threaded" "lang": "eng",
}, "value": "Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault."
{ }
"name" : "http://www.libgd.org/ReleaseNote020035", ]
"refsource" : "MISC", },
"url" : "http://www.libgd.org/ReleaseNote020035" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.libgd.org/?do=details&task_id=87", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.libgd.org/?do=details&task_id=87" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz", ]
"refsource" : "CONFIRM", }
"url" : "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz" ]
}, },
{ "references": {
"name" : "https://issues.rpath.com/browse/RPL-1643", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-1643" "name": "37741",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/37741"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=277421", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=277421" "name": "http://bugs.libgd.org/?do=details&task_id=87",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.libgd.org/?do=details&task_id=87"
"name" : "DSA-1613", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1613" "name": "2007-0024",
}, "refsource": "TRUSTIX",
{ "url": "http://www.trustix.org/errata/2007/0024/"
"name" : "FEDORA-2007-2055", },
"refsource" : "FEDORA", {
"url" : "http://fedoranews.org/updates/FEDORA-2007-205.shtml" "name": "MDKSA-2007:164",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
"name" : "FEDORA-2007-692", },
"refsource" : "FEDORA", {
"url" : "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html" "name": "29157",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29157"
"name" : "FEDORA-2010-19022", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html" "name": "DSA-1613",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1613"
"name" : "FEDORA-2010-19033", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html" "name": "oval:org.mitre.oval:def:10348",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10348"
"name" : "GLSA-200708-05", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200708-05.xml" "name": "http://www.libgd.org/ReleaseNote020035",
}, "refsource": "MISC",
{ "url": "http://www.libgd.org/ReleaseNote020035"
"name" : "GLSA-200711-34", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200711-34.xml" "name": "26415",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26415"
"name" : "GLSA-200805-13", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200805-13.xml" "name": "https://issues.rpath.com/browse/RPL-1643",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-1643"
"name" : "MDKSA-2007:153", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=277421",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
"name" : "MDKSA-2007:164", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164" "name": "GLSA-200805-13",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
"name" : "RHSA-2008:0146", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0146.html" "name": "20070907 FLEA-2007-0052-1 gd",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
"name" : "SUSE-SR:2007:015", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html" "name": "26467",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26467"
"name" : "2007-0024", },
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.org/errata/2007/0024/" "name": "31168",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31168"
"name" : "24651", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24651" "name": "42813",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42813"
"name" : "37741", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37741" "name": "GLSA-200708-05",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
"name" : "oval:org.mitre.oval:def:10348", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10348" "name": "30168",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30168"
"name" : "25860", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25860" "name": "FEDORA-2007-692",
}, "refsource": "FEDORA",
{ "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
"name" : "26272", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26272" "name": "ADV-2011-0022",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0022"
"name" : "26390", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26390" "name": "25860",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25860"
"name" : "26415", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26415" "name": "26663",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26663"
"name" : "26467", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26467" "name": "FEDORA-2010-19033",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
"name" : "26663", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26663" "name": "26856",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26856"
"name" : "26766", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26766" "name": "26272",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26272"
"name" : "26856", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26856" "name": "GLSA-200711-34",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
"name" : "29157", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29157" "name": "RHSA-2008:0146",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0146.html"
"name" : "30168", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30168" "name": "FEDORA-2010-19022",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
"name" : "31168", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31168" "name": "24651",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/24651"
"name" : "42813", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42813" "name": "MDKSA-2007:153",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
"name" : "ADV-2011-0022", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0022" "name": "26766",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/26766"
} },
} {
"name": "26390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26390"
},
{
"name": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz",
"refsource": "CONFIRM",
"url": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "FEDORA-2007-2055",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
}
]
}
}

230
2007/3xxx/CVE-2007-3504.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3504", "ID": "CVE-2007-3504",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070702 High Risk Flaw in Sun's Java Web Start", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/472673/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file."
{ }
"name" : "http://docs.info.apple.com/article.html?artnum=307177", ]
"refsource" : "MISC", },
"url" : "http://docs.info.apple.com/article.html?artnum=307177" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2007-12-14", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "102957", ]
"refsource" : "SUNALERT", }
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102957-1" ]
}, },
{ "references": {
"name" : "24695", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24695" "name": "ADV-2007-2384",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2384"
"name" : "37755", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37755" "name": "http://docs.info.apple.com/article.html?artnum=307177",
}, "refsource": "MISC",
{ "url": "http://docs.info.apple.com/article.html?artnum=307177"
"name" : "ADV-2007-2384", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2384" "name": "1018328",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018328"
"name" : "ADV-2007-4224", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/4224" "name": "37755",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/37755"
"name" : "1018328", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018328" "name": "javaweb-javapolicy-code-execution(35169)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35169"
"name" : "25823", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25823" "name": "APPLE-SA-2007-12-14",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
"name" : "28115", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28115" "name": "ADV-2007-4224",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/4224"
"name" : "javaweb-javapolicy-code-execution(35169)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35169" "name": "25823",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/25823"
} },
} {
"name": "102957",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102957-1"
},
{
"name": "28115",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28115"
},
{
"name": "20070702 High Risk Flaw in Sun's Java Web Start",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472673/100/0/threaded"
},
{
"name": "24695",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24695"
}
]
}
}

160
2007/3xxx/CVE-2007-3537.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3537", "ID": "CVE-2007-3537",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MA28921", "description_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=nas2742405285431729b86256e620067dc17" "lang": "eng",
}, "value": "IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules."
{ }
"name" : "24706", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24706" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37792", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37792" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25885", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/25885" ]
}, },
{ "references": {
"name" : "os400-tcpsyn-security-bypass(35173)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35173" "name": "25885",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/25885"
} },
} {
"name": "37792",
"refsource": "OSVDB",
"url": "http://osvdb.org/37792"
},
{
"name": "MA28921",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=nas2742405285431729b86256e620067dc17"
},
{
"name": "os400-tcpsyn-security-bypass(35173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35173"
},
{
"name": "24706",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24706"
}
]
}
}

200
2007/3xxx/CVE-2007-3893.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2007-3893", "ID": "CVE-2007-3893",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBST02280", "description_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/482366/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error."
{ }
"name" : "SSRT071480", ]
"refsource" : "HP", },
"url" : "http://www.securityfocus.com/archive/1/482366/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS07-057", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA07-282A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-282A.html" ]
}, },
{ "references": {
"name" : "25916", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25916" "name": "oval:org.mitre.oval:def:2284",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2284"
"name" : "ADV-2007-3437", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3437" "name": "HPSBST02280",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
"name" : "oval:org.mitre.oval:def:2284", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2284" "name": "SSRT071480",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
"name" : "1018788", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1018788" "name": "ADV-2007-3437",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/3437"
"name" : "23469", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23469" "name": "1018788",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1018788"
} },
} {
"name": "23469",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23469"
},
{
"name": "MS07-057",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057"
},
{
"name": "TA07-282A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
},
{
"name": "25916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25916"
}
]
}
}

120
2007/3xxx/CVE-2007-3992.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3992", "ID": "CVE-2007-3992",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "26153", "description_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26153" "lang": "eng",
} "value": "SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26153"
}
]
}
}

150
2007/4xxx/CVE-2007-4113.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4113", "ID": "CVE-2007-4113",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.justinsamuel.com/2007/06/10/awbs-dedicated-server-info-visible-to-all-users-vulnerability/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.justinsamuel.com/2007/06/10/awbs-dedicated-server-info-visible-to-all-users-vulnerability/" "lang": "eng",
}, "value": "Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors."
{ }
"name" : "25089", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/25089" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38690", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/38690" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26214", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/26214" ]
} },
] "references": {
} "reference_data": [
} {
"name": "26214",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26214"
},
{
"name": "http://www.justinsamuel.com/2007/06/10/awbs-dedicated-server-info-visible-to-all-users-vulnerability/",
"refsource": "MISC",
"url": "http://www.justinsamuel.com/2007/06/10/awbs-dedicated-server-info-visible-to-all-users-vulnerability/"
},
{
"name": "25089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25089"
},
{
"name": "38690",
"refsource": "OSVDB",
"url": "http://osvdb.org/38690"
}
]
}
}

210
2007/4xxx/CVE-2007-4158.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4158", "ID": "CVE-2007-4158",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070730 Security Testing Enterprise Messaging Systems", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html" "lang": "eng",
}, "value": "Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830."
{ }
"name" : "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.irmplc.com/index.php/111-Vendor-Alerts", "description": [
"refsource" : "MISC", {
"url" : "http://www.irmplc.com/index.php/111-Vendor-Alerts" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.irmplc.com/index.php/160-Advisory-025", ]
"refsource" : "MISC", }
"url" : "http://www.irmplc.com/index.php/160-Advisory-025" ]
}, },
{ "references": {
"name" : "20071203 CVE-2007-4158 == CVE-2007-5553?", "reference_data": [
"refsource" : "VIM", {
"url" : "http://www.attrition.org/pipermail/vim/2007-December/001855.html" "name": "37680",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/37680"
"name" : "25132", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25132" "name": "20071203 CVE-2007-4158 == CVE-2007-5553?",
}, "refsource": "VIM",
{ "url": "http://www.attrition.org/pipermail/vim/2007-December/001855.html"
"name" : "ADV-2007-2814", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2814" "name": "http://www.irmplc.com/index.php/111-Vendor-Alerts",
}, "refsource": "MISC",
{ "url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
"name" : "37680", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37680" "name": "1018512",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018512"
"name" : "1018512", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018512" "name": "20070730 Security Testing Enterprise Messaging Systems",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
"name" : "26337", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26337" "name": "25132",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/25132"
} },
} {
"name": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf",
"refsource": "MISC",
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "http://www.irmplc.com/index.php/160-Advisory-025",
"refsource": "MISC",
"url": "http://www.irmplc.com/index.php/160-Advisory-025"
},
{
"name": "26337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26337"
},
{
"name": "ADV-2007-2814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
]
}
}

170
2007/4xxx/CVE-2007-4342.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4342", "ID": "CVE-2007-4342",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in include.php in PHPCentral Login 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: a third party disputes this vulnerability because of the special nature of the SERVER superglobal array."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070812 PHPCentral Login Script Remote Command Execution Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/476274/100/0/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in include.php in PHPCentral Login 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: a third party disputes this vulnerability because of the special nature of the SERVER superglobal array."
{ }
"name" : "20070814 Re: PHPCentral Login Script Remote Command Execution Vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/476437/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20070815 Re: PHPCentral Login Script Remote Command Execution Vulnerability", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/476608/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "38880", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/38880" ]
}, },
{ "references": {
"name" : "3005", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3005" "name": "20070812 PHPCentral Login Script Remote Command Execution Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/476274/100/0/threaded"
"name" : "phpcentrallogin-include-file-include(35980)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35980" "name": "phpcentrallogin-include-file-include(35980)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35980"
} },
} {
"name": "20070814 Re: PHPCentral Login Script Remote Command Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476437/100/0/threaded"
},
{
"name": "20070815 Re: PHPCentral Login Script Remote Command Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476608/100/0/threaded"
},
{
"name": "38880",
"refsource": "OSVDB",
"url": "http://osvdb.org/38880"
},
{
"name": "3005",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3005"
}
]
}
}

150
2007/6xxx/CVE-2007-6079.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6079", "ID": "CVE-2007-6079",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4637", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4637" "lang": "eng",
}, "value": "Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file."
{ }
"name" : "26505", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/26505" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-3962", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3962" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "bcoos-common-file-include(38592)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38592" ]
} },
] "references": {
} "reference_data": [
} {
"name": "26505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26505"
},
{
"name": "4637",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4637"
},
{
"name": "ADV-2007-3962",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3962"
},
{
"name": "bcoos-common-file-include(38592)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38592"
}
]
}
}

130
2007/6xxx/CVE-2007-6221.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6221", "ID": "CVE-2007-6221",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "27866", "description_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27866" "lang": "eng",
}, "value": "TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "tumusika-phpinfo-information-disclosure(38724)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38724" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27866",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27866"
},
{
"name": "tumusika-phpinfo-information-disclosure(38724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38724"
}
]
}
}

150
2007/6xxx/CVE-2007-6676.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6676", "ID": "CVE-2007-6676",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .html, (2) .asp, and other possibly dangerous extensions, which allows remote attackers to use these extensions in uploads via (a) uu_file_upload.php, related to uu_file_upload.js and (b) uber_uploader_file.php, related to uber_uploader_file.js, a different issue than CVE-2007-0123. NOTE: the vendor disputes the severity of the issue, noting that it is the administrator's responsibility to \"add file extensions that you may or may not want uploaded.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20071217 Uber Uploader <= 5.3.6 Remote File Upload Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/485235/100/100/threaded" "lang": "eng",
}, "value": "The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .html, (2) .asp, and other possibly dangerous extensions, which allows remote attackers to use these extensions in uploads via (a) uu_file_upload.php, related to uu_file_upload.js and (b) uber_uploader_file.php, related to uber_uploader_file.js, a different issue than CVE-2007-0123. NOTE: the vendor disputes the severity of the issue, noting that it is the administrator's responsibility to \"add file extensions that you may or may not want uploaded.\""
{ }
"name" : "20071218 Re: Uber Uploader <= 5.3.6 Remote File Upload Vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/485290/100/100/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "43535", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/43535" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3519", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/3519" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20071218 Re: Uber Uploader <= 5.3.6 Remote File Upload Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485290/100/100/threaded"
},
{
"name": "20071217 Uber Uploader <= 5.3.6 Remote File Upload Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485235/100/100/threaded"
},
{
"name": "3519",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3519"
},
{
"name": "43535",
"refsource": "OSVDB",
"url": "http://osvdb.org/43535"
}
]
}
}

160
2007/6xxx/CVE-2007-6680.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6680", "ID": "CVE-2007-6680",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "IZ12119", "description_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ12119" "lang": "eng",
}, "value": "Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy."
{ }
"name" : "27177", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27177" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-0060", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0060" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1019158", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1019158" ]
}, },
{ "references": {
"name" : "28257", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28257" "name": "27177",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/27177"
} },
} {
"name": "ADV-2008-0060",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0060"
},
{
"name": "1019158",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019158"
},
{
"name": "28257",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28257"
},
{
"name": "IZ12119",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ12119"
}
]
}
}

130
2010/1xxx/CVE-2010-1102.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1102", "ID": "CVE-2010-1102",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in OmniWeb allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100323 Safari browser port blocking bypassed by integer overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/510283/100/0/threaded" "lang": "eng",
}, "value": "Integer overflow in OmniWeb allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25."
{ }
"name" : "omniweb-tcp-security-bypass(57236)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57236" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "omniweb-tcp-security-bypass(57236)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57236"
},
{
"name": "20100323 Safari browser port blocking bypassed by integer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510283/100/0/threaded"
}
]
}
}

150
2010/1xxx/CVE-2010-1739.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1739", "ID": "CVE-2010-1739",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/1004-exploits/joomlanewsfeeds-sql.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/1004-exploits/joomlanewsfeeds-sql.txt" "lang": "eng",
}, "value": "SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php."
{ }
"name" : "12465", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/12465" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "39834", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/39834" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "comnewsfeeds-feedid-sql-injection(58263)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58263" ]
} },
] "references": {
} "reference_data": [
} {
"name": "comnewsfeeds-feedid-sql-injection(58263)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58263"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlanewsfeeds-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlanewsfeeds-sql.txt"
},
{
"name": "39834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39834"
},
{
"name": "12465",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12465"
}
]
}
}

130
2010/1xxx/CVE-2010-1866.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1866", "ID": "CVE-2010-1866",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://php-security.org/2010/05/02/mops-2010-003-php-dechunk-filter-signed-comparison-vulnerability/index.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://php-security.org/2010/05/02/mops-2010-003-php-dechunk-filter-signed-comparison-vulnerability/index.html" "lang": "eng",
}, "value": "The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder."
{ }
"name" : "SUSE-SR:2010:017", ]
"refsource" : "SUSE", },
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://php-security.org/2010/05/02/mops-2010-003-php-dechunk-filter-signed-comparison-vulnerability/index.html",
"refsource": "MISC",
"url": "http://php-security.org/2010/05/02/mops-2010-003-php-dechunk-filter-signed-comparison-vulnerability/index.html"
},
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
}
]
}
}

200
2010/5xxx/CVE-2010-5173.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-5173", "ID": "CVE-2010-5173",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Race condition in PC Tools Firewall Plus 6.0.0.88 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" "lang": "eng",
}, "value": "** DISPUTED ** Race condition in PC Tools Firewall Plus 6.0.0.88 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
{ }
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", "description": [
"refsource" : "MISC", {
"url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", ]
"refsource" : "MISC", }
"url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" ]
}, },
{ "references": {
"name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", "reference_data": [
"refsource" : "MISC", {
"url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
"name" : "http://www.f-secure.com/weblog/archives/00001949.html", },
"refsource" : "MISC", {
"url" : "http://www.f-secure.com/weblog/archives/00001949.html" "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
}, "refsource": "MISC",
{ "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
"name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", },
"refsource" : "MISC", {
"url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" "name": "39924",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/39924"
"name" : "39924", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/39924" "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
}, "refsource": "MISC",
{ "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
"name" : "67660", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/67660" "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
} "refsource": "FULLDISC",
] "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
} },
} {
"name": "67660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/67660"
},
{
"name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name": "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource": "MISC",
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
]
}
}

220
2010/5xxx/CVE-2010-5177.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-5177", "ID": "CVE-2010-5177",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Race condition in Sophos Endpoint Security and Control 9.0.5 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: the vendor disputes this issue because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" "lang": "eng",
}, "value": "** DISPUTED ** Race condition in Sophos Endpoint Security and Control 9.0.5 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: the vendor disputes this issue because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
{ }
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", "description": [
"refsource" : "MISC", {
"url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", ]
"refsource" : "MISC", }
"url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" ]
}, },
{ "references": {
"name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", "reference_data": [
"refsource" : "MISC", {
"url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
"name" : "http://nakedsecurity.sophos.com/2010/05/11/khobe-vulnerability-earth-shaker/", },
"refsource" : "MISC", {
"url" : "http://nakedsecurity.sophos.com/2010/05/11/khobe-vulnerability-earth-shaker/" "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
}, "refsource": "MISC",
{ "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
"name" : "http://nakedsecurity.sophos.com/2010/05/11/khobe-vulnerability-game-security-software/", },
"refsource" : "MISC", {
"url" : "http://nakedsecurity.sophos.com/2010/05/11/khobe-vulnerability-game-security-software/" "name": "http://nakedsecurity.sophos.com/2010/05/11/khobe-vulnerability-earth-shaker/",
}, "refsource": "MISC",
{ "url": "http://nakedsecurity.sophos.com/2010/05/11/khobe-vulnerability-earth-shaker/"
"name" : "http://www.f-secure.com/weblog/archives/00001949.html", },
"refsource" : "MISC", {
"url" : "http://www.f-secure.com/weblog/archives/00001949.html" "name": "39924",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/39924"
"name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", },
"refsource" : "MISC", {
"url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
}, "refsource": "MISC",
{ "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
"name" : "39924", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/39924" "name": "http://nakedsecurity.sophos.com/2010/05/11/khobe-vulnerability-game-security-software/",
}, "refsource": "MISC",
{ "url": "http://nakedsecurity.sophos.com/2010/05/11/khobe-vulnerability-game-security-software/"
"name" : "67660", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/67660" "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
} "refsource": "FULLDISC",
] "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
} },
} {
"name": "67660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/67660"
},
{
"name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name": "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource": "MISC",
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
]
}
}

34
2014/0xxx/CVE-2014-0025.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-0025", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-0025",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-1690. Reason: This candidate is a reservation duplicate of CVE-2014-1690. Notes: All CVE users should reference CVE-2014-1690 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-1690. Reason: This candidate is a reservation duplicate of CVE-2014-1690. Notes: All CVE users should reference CVE-2014-1690 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

140
2014/0xxx/CVE-2014-0740.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-0740", "ID": "CVE-2014-0740",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33049", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33049" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701."
{ }
"name" : "20140225 Cisco Unified Communications Manager OS Administration CSRF Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0740" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1029843", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029843" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33049",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33049"
},
{
"name": "20140225 Cisco Unified Communications Manager OS Administration CSRF Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0740"
},
{
"name": "1029843",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029843"
}
]
}
}

34
2014/0xxx/CVE-2014-0939.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-0939", "ID": "CVE-2014-0939",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2014/1xxx/CVE-2014-1242.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2014-1242", "ID": "CVE-2014-1242",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT6001", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT6001" "lang": "eng",
}, "value": "Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream."
{ }
"name" : "65088", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/65088" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "102410", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/102410" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1029671", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1029671" ]
}, },
{ "references": {
"name" : "apple-itunes-cve20141242-mitm(90653)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90653" "name": "65088",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/65088"
} },
} {
"name": "1029671",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029671"
},
{
"name": "102410",
"refsource": "OSVDB",
"url": "http://osvdb.org/102410"
},
{
"name": "http://support.apple.com/kb/HT6001",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6001"
},
{
"name": "apple-itunes-cve20141242-mitm(90653)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90653"
}
]
}
}

120
2014/1xxx/CVE-2014-1319.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2014-1319", "ID": "CVE-2014-1319",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2014-04-22-1", "description_data": [
"refsource" : "APPLE", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" "lang": "eng",
} "value": "Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2014-04-22-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
}
]
}
}

34
2014/1xxx/CVE-2014-1431.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-1431", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-1431",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

310
2014/1xxx/CVE-2014-1567.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2014-1567", "ID": "CVE-2014-1567",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-72.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-72.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1037641", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1037641" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3018", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2014/dsa-3018" ]
}, },
{ "references": {
"name" : "DSA-3028", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3028" "name": "openSUSE-SU-2015:0138",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
"name" : "GLSA-201504-01", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201504-01" "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-72.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-72.html"
"name" : "SUSE-SU-2014:1107", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1037641",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1037641"
"name" : "SUSE-SU-2014:1112", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html" "name": "SUSE-SU-2014:1112",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html"
"name" : "SUSE-SU-2014:1120", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html" "name": "69520",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/69520"
"name" : "openSUSE-SU-2014:1098", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html" "name": "GLSA-201504-01",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201504-01"
"name" : "openSUSE-SU-2014:1099", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html" "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
"name" : "openSUSE-SU-2015:0138", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html" "name": "DSA-3018",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-3018"
"name" : "openSUSE-SU-2015:1266", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" "name": "1030794",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1030794"
"name" : "69520", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/69520" "name": "SUSE-SU-2014:1120",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html"
"name" : "1030793", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030793" "name": "openSUSE-SU-2015:1266",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
"name" : "1030794", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030794" "name": "60186",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60186"
"name" : "60148", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60148" "name": "61390",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/61390"
"name" : "60186", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60186" "name": "openSUSE-SU-2014:1098",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html"
"name" : "61114", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61114" "name": "60148",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60148"
"name" : "61390", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61390" "name": "openSUSE-SU-2014:1099",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html"
} },
} {
"name": "61114",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61114"
},
{
"name": "DSA-3028",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3028"
},
{
"name": "SUSE-SU-2014:1107",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html"
},
{
"name": "1030793",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030793"
}
]
}
}

150
2014/5xxx/CVE-2014-5250.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5250", "ID": "CVE-2014-5250",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.drupal.org/node/2316717", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.drupal.org/node/2316717" "lang": "eng",
}, "value": "Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via unspecified vectors."
{ }
"name" : "https://www.drupal.org/node/2316023", ]
"refsource" : "CONFIRM", },
"url" : "https://www.drupal.org/node/2316023" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.drupal.org/node/2316025", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.drupal.org/node/2316025" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "69091", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/69091" ]
} },
] "references": {
} "reference_data": [
} {
"name": "69091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69091"
},
{
"name": "https://www.drupal.org/node/2316717",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2316717"
},
{
"name": "https://www.drupal.org/node/2316025",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2316025"
},
{
"name": "https://www.drupal.org/node/2316023",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2316023"
}
]
}
}

160
2014/5xxx/CVE-2014-5375.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5375", "ID": "CVE-2014-5375",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140929 Moab User Impersonation [CVE-2014-5375]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/533576/100/0/threaded" "lang": "eng",
}, "value": "The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags."
{ }
"name" : "http://packetstormsecurity.com/files/128484/Moab-User-Impersonation.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/128484/Moab-User-Impersonation.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.adaptivecomputing.com/security-advisory/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.adaptivecomputing.com/security-advisory/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "70174", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/70174" ]
}, },
{ "references": {
"name" : "moab-cve20145375-sec-bypass(96698)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96698" "name": "20140929 Moab User Impersonation [CVE-2014-5375]",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/533576/100/0/threaded"
} },
} {
"name": "http://www.adaptivecomputing.com/security-advisory/",
"refsource": "CONFIRM",
"url": "http://www.adaptivecomputing.com/security-advisory/"
},
{
"name": "70174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70174"
},
{
"name": "http://packetstormsecurity.com/files/128484/Moab-User-Impersonation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128484/Moab-User-Impersonation.html"
},
{
"name": "moab-cve20145375-sec-bypass(96698)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96698"
}
]
}
}

120
2014/5xxx/CVE-2014-5424.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2014-5424", "ID": "CVE-2014-5424",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an outdated compiler."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-294-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-294-01" "lang": "eng",
} "value": "Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an outdated compiler."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-294-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-294-01"
}
]
}
}

140
2014/5xxx/CVE-2014-5444.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5444", "ID": "CVE-2014-5444",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=713247", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=713247" "lang": "eng",
}, "value": "Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate."
{ }
"name" : "https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e", ]
"refsource" : "CONFIRM", },
"url" : "https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2014:1225", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00035.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e"
},
{
"name": "openSUSE-SU-2014:1225",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00035.html"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=713247",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=713247"
}
]
}
}

34
2014/5xxx/CVE-2014-5478.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5478", "ID": "CVE-2014-5478",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2014/5xxx/CVE-2014-5731.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-5731", "ID": "CVE-2014-5731",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Word Search (aka com.virtuesoft.wordsearch) application 2.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Word Search (aka com.virtuesoft.wordsearch) application 2.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#151121", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/151121" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#151121",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/151121"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/5xxx/CVE-2014-5915.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-5915", "ID": "CVE-2014-5915",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Tigo Copa Mundial FIFA 2014 (aka com.fwc2014.millicom.and) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Tigo Copa Mundial FIFA 2014 (aka com.fwc2014.millicom.and) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#179897", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/179897" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#179897",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/179897"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

130
2015/2xxx/CVE-2015-2002.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-2002", "ID": "CVE-2015-2002",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://alephsecurity.com/vulns/aleph-2015003", "description_data": [
"refsource" : "MISC", {
"url" : "https://alephsecurity.com/vulns/aleph-2015003" "lang": "eng",
}, "value": "The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function."
{ }
"name" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", ]
"refsource" : "MISC", },
"url" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf",
"refsource": "MISC",
"url": "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf"
},
{
"name": "https://alephsecurity.com/vulns/aleph-2015003",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2015003"
}
]
}
}

130
2015/2xxx/CVE-2015-2092.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-2092", "ID": "CVE-2015-2092",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related to \"Index Out-Of-Bounds.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-053/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-053/" "lang": "eng",
}, "value": "The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related to \"Index Out-Of-Bounds.\""
{ }
"name" : "72840", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/72840" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-053/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-053/"
},
{
"name": "72840",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72840"
}
]
}
}

190
2015/2xxx/CVE-2015-2296.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-2296", "ID": "CVE-2015-2296",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150314 CVE Request for python-requests session fixation vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/03/14/4" "lang": "eng",
}, "value": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect."
{ }
"name" : "[oss-security] 20150314 Re: CVE Request for python-requests session fixation vulnerability", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2015/03/15/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://warehouse.python.org/project/requests/2.6.0/", ]
"refsource" : "CONFIRM", }
"url" : "https://warehouse.python.org/project/requests/2.6.0/" ]
}, },
{ "references": {
"name" : "http://advisories.mageia.org/MGASA-2015-0120.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://advisories.mageia.org/MGASA-2015-0120.html" "name": "[oss-security] 20150314 Re: CVE Request for python-requests session fixation vulnerability",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2015/03/15/1"
"name" : "FEDORA-2015-4084", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html" "name": "FEDORA-2015-4084",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html"
"name" : "MDVSA-2015:133", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133" "name": "MDVSA-2015:133",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"
"name" : "USN-2531-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2531-1" "name": "[oss-security] 20150314 CVE Request for python-requests session fixation vulnerability",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2015/03/14/4"
} },
} {
"name": "USN-2531-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2531-1"
},
{
"name": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc",
"refsource": "CONFIRM",
"url": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0120.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0120.html"
},
{
"name": "https://warehouse.python.org/project/requests/2.6.0/",
"refsource": "CONFIRM",
"url": "https://warehouse.python.org/project/requests/2.6.0/"
}
]
}
}

140
2015/2xxx/CVE-2015-2526.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-2526", "ID": "CVE-2015-2526",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to cause a denial of service to an ASP.NET web site via crafted requests, aka \"MVC Denial of Service Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS15-101", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-101" "lang": "eng",
}, "value": "Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to cause a denial of service to an ASP.NET web site via crafted requests, aka \"MVC Denial of Service Vulnerability.\""
{ }
"name" : "76567", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/76567" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1033493", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033493" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1033493",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033493"
},
{
"name": "76567",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76567"
},
{
"name": "MS15-101",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-101"
}
]
}
}

140
2015/2xxx/CVE-2015-2878.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2015-2878", "ID": "CVE-2015-2878",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150724 Hawkeye-G v3 CSRF Vulnerability ***[UPDATED CORRECTED]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/536076/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist."
{ }
"name" : "20150724 Hawkeye-G v3.0.1.4912 CSRF Vulnerability CVE-2015-2878", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/536074/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37686", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/37686/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "37686",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37686/"
},
{
"name": "20150724 Hawkeye-G v3.0.1.4912 CSRF Vulnerability CVE-2015-2878",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536074/100/0/threaded"
},
{
"name": "20150724 Hawkeye-G v3 CSRF Vulnerability ***[UPDATED CORRECTED]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536076/100/0/threaded"
}
]
}
}

130
2016/10xxx/CVE-2016-10104.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10104", "ID": "CVE-2016-10104",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://rastamouse.me/guff/2016/automize/", "description_data": [
"refsource" : "MISC", {
"url" : "https://rastamouse.me/guff/2016/automize/" "lang": "eng",
}, "value": "Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14."
{ }
"name" : "96845", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96845" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rastamouse.me/guff/2016/automize/",
"refsource": "MISC",
"url": "https://rastamouse.me/guff/2016/automize/"
},
{
"name": "96845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96845"
}
]
}
}

130
2016/10xxx/CVE-2016-10185.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10185", "ID": "CVE-2016-10185",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html" "lang": "eng",
}, "value": "An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf."
{ }
"name" : "95877", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95877" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html",
"refsource": "MISC",
"url": "https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html"
},
{
"name": "95877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95877"
}
]
}
}

120
2016/10xxx/CVE-2016-10312.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10312", "ID": "CVE-2016-10312",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary commands via shell metacharacters to certain /goform/* pages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.riskbasedsecurity.com/research/RBS-2016-004.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.riskbasedsecurity.com/research/RBS-2016-004.pdf" "lang": "eng",
} "value": "Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary commands via shell metacharacters to certain /goform/* pages."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.riskbasedsecurity.com/research/RBS-2016-004.pdf",
"refsource": "MISC",
"url": "https://www.riskbasedsecurity.com/research/RBS-2016-004.pdf"
}
]
}
}

150
2016/10xxx/CVE-2016-10510.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10510", "ID": "CVE-2016-10510",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180114 [SECURITY] [DLA 1241-1] libkohana2-php security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00015.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php."
{ }
"name" : "https://www.checkmarx.com/advisories/cross-site-scripting-xss-vulnerability-in-kohana/", ]
"refsource" : "MISC", },
"url" : "https://www.checkmarx.com/advisories/cross-site-scripting-xss-vulnerability-in-kohana/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/kohana/kohana/issues/107", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/kohana/kohana/issues/107" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/kohana/kohana/releases/tag/v3.3.6", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/kohana/kohana/releases/tag/v3.3.6" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[debian-lts-announce] 20180114 [SECURITY] [DLA 1241-1] libkohana2-php security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00015.html"
},
{
"name": "https://github.com/kohana/kohana/releases/tag/v3.3.6",
"refsource": "CONFIRM",
"url": "https://github.com/kohana/kohana/releases/tag/v3.3.6"
},
{
"name": "https://github.com/kohana/kohana/issues/107",
"refsource": "CONFIRM",
"url": "https://github.com/kohana/kohana/issues/107"
},
{
"name": "https://www.checkmarx.com/advisories/cross-site-scripting-xss-vulnerability-in-kohana/",
"refsource": "MISC",
"url": "https://www.checkmarx.com/advisories/cross-site-scripting-xss-vulnerability-in-kohana/"
}
]
}
}

150
2016/3xxx/CVE-2016-3833.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-3833", "ID": "CVE-2016-3833",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-08-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-08-01.html" "lang": "eng",
}, "value": "The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712."
{ }
"name" : "https://android.googlesource.com/platform/frameworks/base/+/01875b0274e74f97edf6b0d5c92de822e0555d03", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/frameworks/base/+/01875b0274e74f97edf6b0d5c92de822e0555d03" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://android.googlesource.com/platform/frameworks/base/+/4e4743a354e26467318b437892a9980eb9b8328a", "description": [
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/frameworks/base/+/4e4743a354e26467318b437892a9980eb9b8328a" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "92225", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/92225" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/base/+/01875b0274e74f97edf6b0d5c92de822e0555d03",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/base/+/01875b0274e74f97edf6b0d5c92de822e0555d03"
},
{
"name": "https://android.googlesource.com/platform/frameworks/base/+/4e4743a354e26467318b437892a9980eb9b8328a",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/base/+/4e4743a354e26467318b437892a9980eb9b8328a"
},
{
"name": "92225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92225"
}
]
}
}

140
2016/4xxx/CVE-2016-4886.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2016-4886", "ID": "CVE-2016-4886",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "baserCMS plugin Mail", "product_name": "baserCMS plugin Mail",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 3.0.10 and earlier" "version_value": "version 3.0.10 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "baserCMS Users Community" "vendor_name": "baserCMS Users Community"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://basercms.net/security/JVN92765814", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://basercms.net/security/JVN92765814" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
{ }
"name" : "JVN#92765814", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN92765814/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "93217", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93217" "lang": "eng",
} "value": "Cross-site request forgery"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://basercms.net/security/JVN92765814",
"refsource": "CONFIRM",
"url": "http://basercms.net/security/JVN92765814"
},
{
"name": "JVN#92765814",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN92765814/index.html"
},
{
"name": "93217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93217"
}
]
}
}

176
2016/8xxx/CVE-2016-8325.json
View File

@ -1,90 +1,90 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2016-8325", "ID": "CVE-2016-8325",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "One-to-One Fulfillment", "product_name": "One-to-One Fulfillment",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "12.1.1" "version_value": "12.1.1"
}, },
{ {
"version_value" : "12.1.2" "version_value": "12.1.2"
}, },
{ {
"version_value" : "12.1.3" "version_value": "12.1.3"
}, },
{ {
"version_value" : "12.2.3" "version_value": "12.2.3"
}, },
{ {
"version_value" : "12.2.4" "version_value": "12.2.4"
}, },
{ {
"version_value" : "12.2.5" "version_value": "12.2.5"
}, },
{ {
"version_value" : "12.2.6" "version_value": "12.2.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 9.1 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 9.1 (Confidentiality and Integrity impacts)."
{ }
"name" : "95595", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95595" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037639", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037639" "lang": "eng",
} "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "95595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95595"
},
{
"name": "1037639",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037639"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}

122
2016/8xxx/CVE-2016-8383.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-05-04T00:00:00", "DATE_PUBLIC": "2017-05-04T00:00:00",
"ID" : "CVE-2016-8383", "ID": "CVE-2016-8383",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "AntennaHouse", "product_name": "AntennaHouse",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "DMC HTMLFilter shipped with MarkLogic 8.0-5.5" "version_value": "DMC HTMLFilter shipped with MarkLogic 8.0-5.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Antenna House" "vendor_name": "Antenna House"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable heap corruption vulnerability exists in the Doc_GetFontTable functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious doc file to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "arbitrary code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0208", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0208" "lang": "eng",
} "value": "An exploitable heap corruption vulnerability exists in the Doc_GetFontTable functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious doc file to trigger this vulnerability."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0208",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0208"
}
]
}
}

130
2016/8xxx/CVE-2016-8398.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-8398", "ID": "CVE-2016-8398",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kernel-3.10" "version_value": "Kernel-3.10"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unauthenticated Messages"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-01-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-01-01.html" "lang": "eng",
}, "value": "Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705."
{ }
"name" : "95227", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95227" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Unauthenticated Messages"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "95227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95227"
}
]
}
}

130
2016/8xxx/CVE-2016-8733.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"ID" : "CVE-2016-8733", "ID": "CVE-2016-8733",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "SmartOS", "product_name": "SmartOS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "OS 20161110T013148Z" "version_value": "OS 20161110T013148Z"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Joyent" "vendor_name": "Joyent"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-9031."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "integer overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.talosintelligence.com/reports/TALOS-2016-0248/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.talosintelligence.com/reports/TALOS-2016-0248/" "lang": "eng",
}, "value": "An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-9031."
{ }
"name" : "94920", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94920" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94920",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94920"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0248/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0248/"
}
]
}
}

140
2016/9xxx/CVE-2016-9196.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-9196", "ID": "CVE-2016-9196",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms", "product_name": "Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms" "version_value": "Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Shell Bypass Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet" "lang": "eng",
}, "value": "A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1)."
{ }
"name" : "97468", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97468" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038187", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038187" "lang": "eng",
} "value": "Shell Bypass Vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet"
},
{
"name": "97468",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97468"
},
{
"name": "1038187",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038187"
}
]
}
}

180
2016/9xxx/CVE-2016-9312.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9312", "ID": "CVE-2016-9312",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://nwtime.org/ntp428p9_release/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://nwtime.org/ntp428p9_release/" "lang": "eng",
}, "value": "ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet."
{ }
"name" : "http://support.ntp.org/bin/view/Main/NtpBug3110", ]
"refsource" : "CONFIRM", },
"url" : "http://support.ntp.org/bin/view/Main/NtpBug3110" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bto.bluecoat.com/security-advisory/sa139", ]
"refsource" : "CONFIRM", }
"url" : "https://bto.bluecoat.com/security-advisory/sa139" ]
}, },
{ "references": {
"name" : "VU#633847", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "https://www.kb.cert.org/vuls/id/633847" "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
}, "refsource": "CONFIRM",
{ "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
"name" : "94450", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94450" "name": "http://nwtime.org/ntp428p9_release/",
}, "refsource": "CONFIRM",
{ "url": "http://nwtime.org/ntp428p9_release/"
"name" : "1037354", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037354" "name": "VU#633847",
} "refsource": "CERT-VN",
] "url": "https://www.kb.cert.org/vuls/id/633847"
} },
} {
"name": "1037354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa139",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "94450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94450"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3110",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3110"
}
]
}
}

160
2016/9xxx/CVE-2016-9313.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9313", "ID": "CVE-2016-9313",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160722 panic at big_key_preparse #4.7-r6/rc7 & master", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/07/22/1" "lang": "eng",
}, "value": "security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type."
{ }
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/torvalds/linux/commit/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/torvalds/linux/commit/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb" ]
}, },
{ "references": {
"name" : "94546", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94546" "name": "[oss-security] 20160722 panic at big_key_preparse #4.7-r6/rc7 & master",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2016/07/22/1"
} },
} {
"name": "https://github.com/torvalds/linux/commit/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7"
},
{
"name": "94546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94546"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb"
}
]
}
}

34
2019/2xxx/CVE-2019-2341.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2341", "ID": "CVE-2019-2341",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2356.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2356", "ID": "CVE-2019-2356",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2575.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2575", "ID": "CVE-2019-2575",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2949.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2949", "ID": "CVE-2019-2949",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2998.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2998", "ID": "CVE-2019-2998",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/6xxx/CVE-2019-6002.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6002", "ID": "CVE-2019-6002",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/6xxx/CVE-2019-6052.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6052", "ID": "CVE-2019-6052",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/6xxx/CVE-2019-6334.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6334", "ID": "CVE-2019-6334",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2019/6xxx/CVE-2019-6503.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6503", "ID": "CVE-2019-6503",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/chatopera/cosin/issues/177", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/chatopera/cosin/issues/177" "lang": "eng",
} "value": "There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/chatopera/cosin/issues/177",
"refsource": "CONFIRM",
"url": "https://github.com/chatopera/cosin/issues/177"
}
]
}
}

34
2019/6xxx/CVE-2019-6679.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6679", "ID": "CVE-2019-6679",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/7xxx/CVE-2019-7556.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7556", "ID": "CVE-2019-7556",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/7xxx/CVE-2019-7727.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7727", "ID": "CVE-2019-7727",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/7xxx/CVE-2019-7807.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7807", "ID": "CVE-2019-7807",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }