admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:11:09 +00:00
parent 717a0f0ed5
commit cf5e4a4cfd
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
62 changed files with 3813 additions and 3813 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2007/0xxx/CVE-2007-0190.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-0190", "ID": "CVE-2007-0190",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070109 edit-x ecommerce (include_dir) Remote File include", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/456439/100/0/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter."
{ }
"name" : "21974", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21974" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-0158", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/0158" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2139", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/2139" ]
}, },
{ "references": {
"name" : "editx-editaddress-file-include(31384)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31384" "name": "editx-editaddress-file-include(31384)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31384"
} },
} {
"name": "2139",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2139"
},
{
"name": "ADV-2007-0158",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0158"
},
{
"name": "21974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21974"
},
{
"name": "20070109 edit-x ecommerce (include_dir) Remote File include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456439/100/0/threaded"
}
]
}
}

140
2007/0xxx/CVE-2007-0520.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-0520", "ID": "CVE-2007-0520",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070121 SQL Injection in Unique Ads ( UDS )", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/457667/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter."
{ }
"name" : "2181", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/2181" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "uniqueads-banner-sql-injection(31660)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31660" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "uniqueads-banner-sql-injection(31660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31660"
},
{
"name": "20070121 SQL Injection in Unique Ads ( UDS )",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/457667/100/0/threaded"
},
{
"name": "2181",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2181"
}
]
}
}

150
2007/1xxx/CVE-2007-1122.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-1122", "ID": "CVE-2007-1122",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/downloading.php?group_id=153333&use_mirror=osdn&filename=abc-1.02.zip", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/downloading.php?group_id=153333&use_mirror=osdn&filename=abc-1.02.zip" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. NOTE: some of these details are obtained from third party information."
{ }
"name" : "22685", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/22685" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-0715", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/0715" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "24269", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/24269" ]
} },
] "references": {
} "reference_data": [
} {
"name": "22685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22685"
},
{
"name": "ADV-2007-0715",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0715"
},
{
"name": "http://sourceforge.net/project/downloading.php?group_id=153333&use_mirror=osdn&filename=abc-1.02.zip",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/downloading.php?group_id=153333&use_mirror=osdn&filename=abc-1.02.zip"
},
{
"name": "24269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24269"
}
]
}
}

150
2007/1xxx/CVE-2007-1567.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-1567", "ID": "CVE-2007-1567",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by warftp_165.tar by Immunity. NOTE: this might be the same issue as CVE-1999-0256, CVE-2000-0131, or CVE-2006-2171, but due to Immunity's lack of details, this cannot be certain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.immunityinc.com/downloads/immpartners/warftp_165.tar", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.immunityinc.com/downloads/immpartners/warftp_165.tar" "lang": "eng",
}, "value": "Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by warftp_165.tar by Immunity. NOTE: this might be the same issue as CVE-1999-0256, CVE-2000-0131, or CVE-2006-2171, but due to Immunity's lack of details, this cannot be certain."
{ }
"name" : "22944", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/22944" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-0933", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/0933" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "24494", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/24494" ]
} },
] "references": {
} "reference_data": [
} {
"name": "22944",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22944"
},
{
"name": "24494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24494"
},
{
"name": "https://www.immunityinc.com/downloads/immpartners/warftp_165.tar",
"refsource": "MISC",
"url": "https://www.immunityinc.com/downloads/immpartners/warftp_165.tar"
},
{
"name": "ADV-2007-0933",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0933"
}
]
}
}

210
2007/1xxx/CVE-2007-1754.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2007-1754", "ID": "CVE-2007-1754",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the \"Publisher Invalid Memory Reference Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070710 EEYE: Microsoft Publisher 2007 Arbitrary Pointer Dereference", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/473309/100/0/threaded" "lang": "eng",
}, "value": "PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the \"Publisher Invalid Memory Reference Vulnerability\"."
{ }
"name" : "http://research.eeye.com/html/advisories/published/AD20070710.html", ]
"refsource" : "MISC", },
"url" : "http://research.eeye.com/html/advisories/published/AD20070710.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT071446", "description": [
"refsource" : "HP", {
"url" : "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MS07-037", ]
"refsource" : "MS", }
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037" ]
}, },
{ "references": {
"name" : "TA07-191A", "reference_data": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-191A.html" "name": "SSRT071446",
}, "refsource": "HP",
{ "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
"name" : "35953", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/35953" "name": "MS07-037",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037"
"name" : "ADV-2007-2479", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2479" "name": "1018353",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018353"
"name" : "oval:org.mitre.oval:def:1871", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871" "name": "http://research.eeye.com/html/advisories/published/AD20070710.html",
}, "refsource": "MISC",
{ "url": "http://research.eeye.com/html/advisories/published/AD20070710.html"
"name" : "1018353", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018353" "name": "ADV-2007-2479",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2479"
"name" : "25988", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25988" "name": "oval:org.mitre.oval:def:1871",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871"
} },
} {
"name": "TA07-191A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
},
{
"name": "25988",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25988"
},
{
"name": "35953",
"refsource": "OSVDB",
"url": "http://osvdb.org/35953"
},
{
"name": "20070710 EEYE: Microsoft Publisher 2007 Arbitrary Pointer Dereference",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473309/100/0/threaded"
}
]
}
}

170
2007/3xxx/CVE-2007-3979.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3979", "ID": "CVE-2007-3979",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4206", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4206" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter."
{ }
"name" : "24976", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24976" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-2607", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2607" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "36278", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/36278" ]
}, },
{ "references": {
"name" : "26170", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26170" "name": "ADV-2007-2607",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2607"
"name" : "blogsitepro-index-sql-injection(35514)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35514" "name": "24976",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/24976"
} },
} {
"name": "blogsitepro-index-sql-injection(35514)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35514"
},
{
"name": "36278",
"refsource": "OSVDB",
"url": "http://osvdb.org/36278"
},
{
"name": "26170",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26170"
},
{
"name": "4206",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4206"
}
]
}
}

160
2007/4xxx/CVE-2007-4149.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4149", "ID": "CVE-2007-4149",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the \"LOG.\" command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt" "lang": "eng",
}, "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the \"LOG.\" command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder."
{ }
"name" : "http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt", ]
"refsource" : "MISC", },
"url" : "http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25153", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/25153" ]
}, },
{ "references": {
"name" : "42462", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/42462" "name": "25153",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/25153"
} },
} {
"name": "http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt",
"refsource": "MISC",
"url": "http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt"
},
{
"name": "http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt",
"refsource": "MISC",
"url": "http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt"
},
{
"name": "http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt",
"refsource": "MISC",
"url": "http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt"
},
{
"name": "42462",
"refsource": "OSVDB",
"url": "http://osvdb.org/42462"
}
]
}
}

330
2007/4xxx/CVE-2007-4565.json
View File

@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4565", "ID": "CVE-2007-4565",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070907 FLEA-2007-0053-1 fetchmail", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/478798/100/0/threaded" "lang": "eng",
}, "value": "sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP."
{ }
"name" : "20080617 fetchmail security announcement fetchmail-SA-2007-02 (CVE-2007-4565)", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/493388/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://fetchmail.berlios.de/fetchmail-SA-2007-02.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://fetchmail.berlios.de/fetchmail-SA-2007-02.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://mknod.org/svn/fetchmail/branches/BRANCH_6-3/fetchmail-SA-2007-02.txt", ]
"refsource" : "CONFIRM", }
"url" : "http://mknod.org/svn/fetchmail/branches/BRANCH_6-3/fetchmail-SA-2007-02.txt" ]
}, },
{ "references": {
"name" : "https://issues.rpath.com/browse/RPL-1690", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-1690" "name": "33937",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33937"
"name" : "http://support.apple.com/kb/HT3438", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3438" "name": "3074",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/3074"
"name" : "APPLE-SA-2009-02-12", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" "name": "http://fetchmail.berlios.de/fetchmail-SA-2007-02.txt",
}, "refsource": "CONFIRM",
{ "url": "http://fetchmail.berlios.de/fetchmail-SA-2007-02.txt"
"name" : "DSA-1377", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2007/dsa-1377" "name": "http://mknod.org/svn/fetchmail/branches/BRANCH_6-3/fetchmail-SA-2007-02.txt",
}, "refsource": "CONFIRM",
{ "url": "http://mknod.org/svn/fetchmail/branches/BRANCH_6-3/fetchmail-SA-2007-02.txt"
"name" : "MDKSA-2007:179", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:179" "name": "http://support.apple.com/kb/HT3438",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3438"
"name" : "SUSE-SR:2007:022", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html" "name": "1018627",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018627"
"name" : "2007-0028", },
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.org/errata/2007/0028/" "name": "APPLE-SA-2009-02-12",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
"name" : "USN-520-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-520-1" "name": "20080617 fetchmail security announcement fetchmail-SA-2007-02 (CVE-2007-4565)",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/493388/100/0/threaded"
"name" : "25495", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25495" "name": "2007-0028",
}, "refsource": "TRUSTIX",
{ "url": "http://www.trustix.org/errata/2007/0028/"
"name" : "oval:org.mitre.oval:def:10528", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10528" "name": "oval:org.mitre.oval:def:10528",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10528"
"name" : "ADV-2007-3032", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3032" "name": "25495",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/25495"
"name" : "ADV-2009-0422", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0422" "name": "ADV-2007-3032",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/3032"
"name" : "45833", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/45833" "name": "ADV-2009-0422",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0422"
"name" : "1018627", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018627" "name": "20070907 FLEA-2007-0053-1 fetchmail",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/478798/100/0/threaded"
"name" : "27399", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27399" "name": "27399",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27399"
"name" : "33937", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33937" "name": "fetchmail-warning-dos(36385)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36385"
"name" : "3074", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3074" "name": "DSA-1377",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2007/dsa-1377"
"name" : "fetchmail-warning-dos(36385)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36385" "name": "MDKSA-2007:179",
} "refsource": "MANDRIVA",
] "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:179"
} },
} {
"name": "https://issues.rpath.com/browse/RPL-1690",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1690"
},
{
"name": "USN-520-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-520-1"
},
{
"name": "SUSE-SR:2007:022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"name": "45833",
"refsource": "OSVDB",
"url": "http://osvdb.org/45833"
}
]
}
}

420
2007/4xxx/CVE-2007-4619.json
View File

@ -1,212 +1,212 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4619", "ID": "CVE-2007-4619",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608" "lang": "eng",
}, "value": "Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow."
{ }
"name" : "http://flac.sourceforge.net/changelog.html#flac_1_2_1", ]
"refsource" : "CONFIRM", },
"url" : "http://flac.sourceforge.net/changelog.html#flac_1_2_1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugzilla.redhat.com/show_bug.cgi?id=331991", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugzilla.redhat.com/show_bug.cgi?id=331991" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=332571", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=332571" ]
}, },
{ "references": {
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243" "name": "26042",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/26042"
"name" : "https://issues.rpath.com/browse/RPL-1873", },
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-1873" "name": "GLSA-200711-15",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
"name" : "DSA-1469", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1469" "name": "27507",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27507"
"name" : "FEDORA-2007-2596", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html" "name": "27223",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27223"
"name" : "GLSA-200711-15", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200711-15.xml" "name": "DSA-1469",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1469"
"name" : "MDKSA-2007:214", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214" "name": "USN-540-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-540-1"
"name" : "RHSA-2007:0975", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0975.html" "name": "20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities",
}, "refsource": "IDEFENSE",
{ "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
"name" : "SUSE-SR:2007:022", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html" "name": "27210",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27210"
"name" : "USN-540-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-540-1" "name": "27601",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27601"
"name" : "26042", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/26042" "name": "ADV-2007-4061",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/4061"
"name" : "oval:org.mitre.oval:def:10571", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571" "name": "http://bugzilla.redhat.com/show_bug.cgi?id=331991",
}, "refsource": "CONFIRM",
{ "url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
"name" : "ADV-2007-3483", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3483" "name": "27780",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27780"
"name" : "ADV-2007-3484", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3484" "name": "28548",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28548"
"name" : "ADV-2007-4061", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/4061" "name": "FEDORA-2007-2596",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
"name" : "1018815", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1018815" "name": "27878",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27878"
"name" : "27210", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27210" "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
"name" : "27223", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27223" "name": "27355",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27355"
"name" : "27355", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27355" "name": "27628",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27628"
"name" : "27507", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27507" "name": "27399",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27399"
"name" : "27625", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27625" "name": "flac-media-files-bo(37187)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
"name" : "27601", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27601" "name": "MDKSA-2007:214",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
"name" : "27628", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27628" "name": "1018815",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1018815"
"name" : "27780", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27780" "name": "https://issues.rpath.com/browse/RPL-1873",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-1873"
"name" : "27399", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27399" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=332571",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
"name" : "27878", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27878" "name": "ADV-2007-3483",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/3483"
"name" : "28548", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28548" "name": "RHSA-2007:0975",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
"name" : "flac-media-files-bo(37187)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187" "name": "oval:org.mitre.oval:def:10571",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
} },
} {
"name": "27625",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27625"
},
{
"name": "SUSE-SR:2007:022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"name": "http://flac.sourceforge.net/changelog.html#flac_1_2_1",
"refsource": "CONFIRM",
"url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
},
{
"name": "ADV-2007-3484",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3484"
}
]
}
}

250
2007/4xxx/CVE-2007-4650.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4650", "ID": "CVE-2007-4650",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using \"linked items\" in WebDAV and (b) Reupload modules."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=267421", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=267421" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using \"linked items\" in WebDAV and (b) Reupload modules."
{ }
"name" : "http://gallery.menalto.com/gallery_2.2.3_released", ]
"refsource" : "CONFIRM", },
"url" : "http://gallery.menalto.com/gallery_2.2.3_released" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=191587", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=191587" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1404", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2007/dsa-1404" ]
}, },
{ "references": {
"name" : "FEDORA-2007-2020", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00097.html" "name": "GLSA-200711-03",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200711-03.xml"
"name" : "GLSA-200711-03", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200711-03.xml" "name": "26719",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26719"
"name" : "25580", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25580" "name": "41657",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/41657"
"name" : "ADV-2007-3072", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3072" "name": "ADV-2007-3072",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/3072"
"name" : "41657", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/41657" "name": "DSA-1404",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2007/dsa-1404"
"name" : "41658", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/41658" "name": "41658",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/41658"
"name" : "26716", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26716" "name": "27594",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27594"
"name" : "26719", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26719" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=267421",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=267421"
"name" : "27502", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27502" "name": "FEDORA-2007-2020",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00097.html"
"name" : "27594", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27594" "name": "25580",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/25580"
} },
} {
"name": "http://gallery.menalto.com/gallery_2.2.3_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_2.2.3_released"
},
{
"name": "26716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26716"
},
{
"name": "27502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27502"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=191587",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=191587"
}
]
}
}

34
2015/2xxx/CVE-2015-2098.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-2098", "ID": "CVE-2015-2098",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2015/2xxx/CVE-2015-2468.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-2468", "ID": "CVE-2015-2468",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "37912", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/37912/" "lang": "eng",
}, "value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
{ }
"name" : "MS15-081", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1033239", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033239" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS15-081",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081"
},
{
"name": "37912",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37912/"
},
{
"name": "1033239",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033239"
}
]
}
}

130
2015/2xxx/CVE-2015-2505.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-2505", "ID": "CVE-2015-2505",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka \"Exchange Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS15-103", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-103" "lang": "eng",
}, "value": "Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka \"Exchange Information Disclosure Vulnerability.\""
{ }
"name" : "1033495", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1033495" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033495",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033495"
},
{
"name": "MS15-103",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-103"
}
]
}
}

130
2015/2xxx/CVE-2015-2977.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2015-2977", "ID": "CVE-2015-2977",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#46674982", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN46674982/index.html" "lang": "eng",
}, "value": "Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors."
{ }
"name" : "JVNDB-2015-000107", ]
"refsource" : "JVNDB", },
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000107" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#46674982",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN46674982/index.html"
},
{
"name": "JVNDB-2015-000107",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000107"
}
]
}
}

34
2015/3xxx/CVE-2015-3341.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-3341", "ID": "CVE-2015-3341",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2015/3xxx/CVE-2015-3663.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-3663", "ID": "CVE-2015-3663",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT204942", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT204942" "lang": "eng",
}, "value": "QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668."
{ }
"name" : "http://support.apple.com/kb/HT204947", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT204947" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2015-06-30-2", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2015-06-30-5", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html" ]
}, },
{ "references": {
"name" : "75493", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75493" "name": "http://support.apple.com/kb/HT204947",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT204947"
"name" : "1032756", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032756" "name": "APPLE-SA-2015-06-30-2",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
} },
} {
"name": "75493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75493"
},
{
"name": "1032756",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032756"
},
{
"name": "http://support.apple.com/kb/HT204942",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "APPLE-SA-2015-06-30-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html"
}
]
}
}

130
2015/6xxx/CVE-2015-6344.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-6344", "ID": "CVE-2015-6344",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20151027 Cisco ASA CX Context-Aware Security Web GUI Unauthorized Access Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-cas" "lang": "eng",
}, "value": "The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105."
{ }
"name" : "1034001", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1034001" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034001",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034001"
},
{
"name": "20151027 Cisco ASA CX Context-Aware Security Web GUI Unauthorized Access Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-cas"
}
]
}
}

120
2015/6xxx/CVE-2015-6377.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-6377", "ID": "CVE-2015-6377",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP port outage) via a flood of crafted TCP packets, aka Bug ID CSCux13379."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20151123 Cisco Virtual Topology System TCP Connection Functionality Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-vts" "lang": "eng",
} "value": "Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP port outage) via a flood of crafted TCP packets, aka Bug ID CSCux13379."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20151123 Cisco Virtual Topology System TCP Connection Functionality Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-vts"
}
]
}
}

130
2015/6xxx/CVE-2015-6609.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2015-6609", "ID": "CVE-2015-6609",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[android-security-updates] 20151102 Nexus Security Bulletin (November 2015)", "description_data": [
"refsource" : "MLIST", {
"url" : "https://groups.google.com/forum/message/raw?msg=android-security-updates/n1aw2MGce4E/jhpVEWDUCAAJ" "lang": "eng",
}, "value": "libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624."
{ }
"name" : "1034049", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1034049" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[android-security-updates] 20151102 Nexus Security Bulletin (November 2015)",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/n1aw2MGce4E/jhpVEWDUCAAJ"
},
{
"name": "1034049",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034049"
}
]
}
}

120
2015/7xxx/CVE-2015-7290.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2015-7290", "ID": "CVE-2015-7290",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to inject arbitrary web script or HTML via the pwd parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#419568", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/419568" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to inject arbitrary web script or HTML via the pwd parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#419568",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/419568"
}
]
}
}

130
2015/7xxx/CVE-2015-7486.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-7486", "ID": "CVE-2015-7486",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108633."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108633."
{ }
"name" : "ibm-relm-cve20157486-xss(108633)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108633" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-relm-cve20157486-xss(108633)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108633"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983720",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983720"
}
]
}
}

360
2015/7xxx/CVE-2015-7499.json
View File

@ -1,182 +1,182 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-7499", "ID": "CVE-2015-7499",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://xmlsoft.org/news.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://xmlsoft.org/news.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1281925", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1281925" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc", "description": [
"refsource" : "CONFIRM", {
"url" : "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da", ]
"refsource" : "CONFIRM", }
"url" : "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT206166", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT206166" "name": "RHSA-2015:2550",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
"name" : "https://support.apple.com/HT206167", },
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT206167" "name": "APPLE-SA-2016-03-21-5",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
"name" : "https://support.apple.com/HT206168", },
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT206168" "name": "openSUSE-SU-2016:0106",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
"name" : "https://support.apple.com/HT206169", },
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT206169" "name": "https://support.apple.com/HT206167",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT206167"
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172", },
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172" "name": "https://support.apple.com/HT206168",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT206168"
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" "name": "DSA-3430",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3430"
"name" : "APPLE-SA-2016-03-21-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html" "name": "APPLE-SA-2016-03-21-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
"name" : "APPLE-SA-2016-03-21-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html" "name": "http://xmlsoft.org/news.html",
}, "refsource": "CONFIRM",
{ "url": "http://xmlsoft.org/news.html"
"name" : "APPLE-SA-2016-03-21-3", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html" "name": "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da",
}, "refsource": "CONFIRM",
{ "url": "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da"
"name" : "APPLE-SA-2016-03-21-5", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" "name": "RHSA-2016:1089",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
"name" : "DSA-3430", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3430" "name": "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc",
}, "refsource": "CONFIRM",
{ "url": "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc"
"name" : "GLSA-201701-37", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201701-37" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"name" : "HPSBGN03537", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=145382616617563&w=2" "name": "APPLE-SA-2016-03-21-2",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
"name" : "RHSA-2015:2549", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2549.html" "name": "USN-2834-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2834-1"
"name" : "RHSA-2015:2550", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2550.html" "name": "1034243",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1034243"
"name" : "RHSA-2016:1089", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1089.html" "name": "RHSA-2015:2549",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
"name" : "openSUSE-SU-2015:2372", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281925",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281925"
"name" : "openSUSE-SU-2016:0106", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html" "name": "HPSBGN03537",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2"
"name" : "USN-2834-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2834-1" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
"name" : "79509", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/79509" "name": "GLSA-201701-37",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201701-37"
"name" : "1034243", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1034243" "name": "openSUSE-SU-2015:2372",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
} },
} {
"name": "APPLE-SA-2016-03-21-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
},
{
"name": "79509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79509"
},
{
"name": "https://support.apple.com/HT206169",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206169"
},
{
"name": "https://support.apple.com/HT206166",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206166"
}
]
}
}

160
2015/7xxx/CVE-2015-7558.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-7558", "ID": "CVE-2015-7558",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20151221 CVE-2015-7557, CVE-2015-7558 librsvg2: Out-of-bounds heap read and stack exhaustion", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/12/21/5" "lang": "eng",
}, "value": "librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document."
{ }
"name" : "[oss-security] 20160430 Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/04/30/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1268243", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1268243" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61", ]
"refsource" : "CONFIRM", }
"url" : "https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61" ]
}, },
{ "references": {
"name" : "DSA-3584", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3584" "name": "[oss-security] 20151221 CVE-2015-7557, CVE-2015-7558 librsvg2: Out-of-bounds heap read and stack exhaustion",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2015/12/21/5"
} },
} {
"name": "https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61"
},
{
"name": "[oss-security] 20160430 Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/30/3"
},
{
"name": "DSA-3584",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3584"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1268243",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268243"
}
]
}
}

130
2016/0xxx/CVE-2016-0417.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2016-0417", "ID": "CVE-2016-0417",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.2 allows local users to affect confidentiality, integrity, and availability via vectors related to HA for MySQL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.2 allows local users to affect confidentiality, integrity, and availability via vectors related to HA for MySQL."
{ }
"name" : "1034735", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1034735" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "1034735",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034735"
}
]
}
}

130
2016/0xxx/CVE-2016-0436.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2016-0436", "ID": "CVE-2016-0436",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0437, and CVE-2016-0438."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0437, and CVE-2016-0438."
{ }
"name" : "1034718", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1034718" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "1034718",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034718"
}
]
}
}

34
2016/0xxx/CVE-2016-0814.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-0814", "ID": "CVE-2016-0814",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

190
2016/0xxx/CVE-2016-0989.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2016-0989", "ID": "CVE-2016-0989",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html" "lang": "eng",
}, "value": "Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005."
{ }
"name" : "GLSA-201603-07", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201603-07" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2016:0715", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2016:0716", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2016:0719", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html" "name": "openSUSE-SU-2016:0734",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
"name" : "openSUSE-SU-2016:0734", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html" "name": "1035251",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1035251"
"name" : "84311", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/84311" "name": "openSUSE-SU-2016:0719",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
"name" : "1035251", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035251" "name": "84311",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/84311"
} },
} {
"name": "GLSA-201603-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"name": "SUSE-SU-2016:0715",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"name": "SUSE-SU-2016:0716",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
}
]
}
}

210
2016/0xxx/CVE-2016-0998.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2016-0998", "ID": "CVE-2016-0998",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "39612", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/39612/" "lang": "eng",
}, "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000."
{ }
"name" : "39631", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/39631/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html", "description": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201603-07", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201603-07" ]
}, },
{ "references": {
"name" : "SUSE-SU-2016:0715", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html" "name": "openSUSE-SU-2016:0734",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
"name" : "SUSE-SU-2016:0716", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html" "name": "1035251",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1035251"
"name" : "openSUSE-SU-2016:0719", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html" "name": "openSUSE-SU-2016:0719",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
"name" : "openSUSE-SU-2016:0734", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html" "name": "39631",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/39631/"
"name" : "84312", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/84312" "name": "GLSA-201603-07",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201603-07"
"name" : "1035251", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035251" "name": "SUSE-SU-2016:0715",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
} },
} {
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
},
{
"name": "39612",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39612/"
},
{
"name": "84312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84312"
},
{
"name": "SUSE-SU-2016:0716",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
}
]
}
}

34
2016/1000xxx/CVE-2016-1000102.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-1000102", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-1000102",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5387. Reason: This candidate is a duplicate of CVE-2016-5387. Notes: All CVE users should reference CVE-2016-5387 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5387. Reason: This candidate is a duplicate of CVE-2016-5387. Notes: All CVE users should reference CVE-2016-5387 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

122
2016/10xxx/CVE-2016-10631.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2016-10631", "ID": "CVE-2016-10631",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "jvminstall node module", "product_name": "jvminstall node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://nodesecurity.io/advisories/225", "description_data": [
"refsource" : "MISC", {
"url" : "https://nodesecurity.io/advisories/225" "lang": "eng",
} "value": "jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/225",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/225"
}
]
}
}

240
2016/1xxx/CVE-2016-1240.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2016-1240", "ID": "CVE-2016-1240",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20161001 CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/539519/100/0/threaded" "lang": "eng",
}, "value": "The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out."
{ }
"name" : "40450", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/40450/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html", "description": [
"refsource" : "MISC", {
"url" : "http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://security.netapp.com/advisory/ntap-20180731-0002/", ]
"refsource" : "CONFIRM", }
"url" : "https://security.netapp.com/advisory/ntap-20180731-0002/" ]
}, },
{ "references": {
"name" : "DSA-3669", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3669" "name": "1036845",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1036845"
"name" : "DSA-3670", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3670" "name": "DSA-3670",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2016/dsa-3670"
"name" : "GLSA-201705-09", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201705-09" "name": "GLSA-201705-09",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201705-09"
"name" : "RHSA-2017:0455", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:0455" "name": "http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html",
}, "refsource": "MISC",
{ "url": "http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html"
"name" : "RHSA-2017:0456", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:0456" "name": "93263",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/93263"
"name" : "RHSA-2017:0457", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0457.html" "name": "RHSA-2017:0457",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
"name" : "USN-3081-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-3081-1" "name": "https://security.netapp.com/advisory/ntap-20180731-0002/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20180731-0002/"
"name" : "93263", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93263" "name": "40450",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/40450/"
"name" : "1036845", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036845" "name": "DSA-3669",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2016/dsa-3669"
} },
} {
"name": "RHSA-2017:0455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name": "20161001 CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539519/100/0/threaded"
},
{
"name": "RHSA-2017:0456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"name": "USN-3081-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3081-1"
}
]
}
}

130
2016/1xxx/CVE-2016-1281.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-1281", "ID": "CVE-2016-1281",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the \"application directory\", as demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll DLLs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160108 Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2016/Jan/22" "lang": "eng",
}, "value": "Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the \"application directory\", as demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll DLLs."
{ }
"name" : "[oss-security] 20160111 CVE-2016-1281: TrueCrypt and VeraCrypt Windows installers allow arbitrary code execution with elevation of privilege", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/01/11/1" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160111 CVE-2016-1281: TrueCrypt and VeraCrypt Windows installers allow arbitrary code execution with elevation of privilege",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/11/1"
},
{
"name": "20160108 Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jan/22"
}
]
}
}

130
2016/1xxx/CVE-2016-1373.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-1373", "ID": "CVE-2016-1373",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160504 Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse" "lang": "eng",
}, "value": "The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623."
{ }
"name" : "1035756", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1035756" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035756",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035756"
},
{
"name": "20160504 Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
}
]
}
}

34
2016/1xxx/CVE-2016-1552.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-1552", "ID": "CVE-2016-1552",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

210
2016/1xxx/CVE-2016-1802.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2016-1802", "ID": "CVE-2016-1802",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT206564", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT206564" "lang": "eng",
}, "value": "CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app."
{ }
"name" : "https://support.apple.com/HT206566", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT206566" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT206567", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT206567" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT206568", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT206568" ]
}, },
{ "references": {
"name" : "APPLE-SA-2016-05-16-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html" "name": "https://support.apple.com/HT206567",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT206567"
"name" : "APPLE-SA-2016-05-16-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html" "name": "APPLE-SA-2016-05-16-4",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
"name" : "APPLE-SA-2016-05-16-3", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00003.html" "name": "https://support.apple.com/HT206566",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT206566"
"name" : "APPLE-SA-2016-05-16-4", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" "name": "90694",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/90694"
"name" : "90694", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/90694" "name": "APPLE-SA-2016-05-16-3",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00003.html"
"name" : "1035890", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035890" "name": "https://support.apple.com/HT206564",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT206564"
} },
} {
"name": "1035890",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035890"
},
{
"name": "APPLE-SA-2016-05-16-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
},
{
"name": "https://support.apple.com/HT206568",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206568"
},
{
"name": "APPLE-SA-2016-05-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html"
}
]
}
}

160
2016/1xxx/CVE-2016-1849.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2016-1849", "ID": "CVE-2016-1849",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"Clear History and Website Data\" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT206565", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT206565" "lang": "eng",
}, "value": "The \"Clear History and Website Data\" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory."
{ }
"name" : "https://support.apple.com/HT206568", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT206568" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2016-05-16-2", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2016-05-16-5", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00005.html" ]
}, },
{ "references": {
"name" : "1035888", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035888" "name": "APPLE-SA-2016-05-16-5",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00005.html"
} },
} {
"name": "1035888",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035888"
},
{
"name": "APPLE-SA-2016-05-16-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
},
{
"name": "https://support.apple.com/HT206565",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206565"
},
{
"name": "https://support.apple.com/HT206568",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206568"
}
]
}
}

160
2016/4xxx/CVE-2016-4384.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-4384", "ID": "CVE-2016-4384",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.tenable.com/security/research/tra-2016-26", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.tenable.com/security/research/tra-2016-26" "lang": "eng",
}, "value": "HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors."
{ }
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05278882", ]
"refsource" : "CONFIRM", },
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05278882" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "93069", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93069" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1036859", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1036859" ]
}, },
{ "references": {
"name" : "1036860", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036860" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05278882",
} "refsource": "CONFIRM",
] "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05278882"
} },
} {
"name": "1036859",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036859"
},
{
"name": "93069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93069"
},
{
"name": "https://www.tenable.com/security/research/tra-2016-26",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2016-26"
},
{
"name": "1036860",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036860"
}
]
}
}

160
2016/4xxx/CVE-2016-4464.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-4464", "ID": "CVE-2016-4464",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160908 New security advisory for Apache CXF Fediz - CVE-2016-4464", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/09/08/20" "lang": "eng",
}, "value": "The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature."
{ }
"name" : "http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc", ]
"refsource" : "CONFIRM", },
"url" : "http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=0006581e9cacbeef46381a223e5671e524d416b6", "description": [
"refsource" : "CONFIRM", {
"url" : "https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=0006581e9cacbeef46381a223e5671e524d416b6" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "92905", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/92905" ]
}, },
{ "references": {
"name" : "1036869", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036869" "name": "1036869",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1036869"
} },
} {
"name": "http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc",
"refsource": "CONFIRM",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc"
},
{
"name": "92905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92905"
},
{
"name": "[oss-security] 20160908 New security advisory for Apache CXF Fediz - CVE-2016-4464",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/08/20"
},
{
"name": "https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=0006581e9cacbeef46381a223e5671e524d416b6",
"refsource": "CONFIRM",
"url": "https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=0006581e9cacbeef46381a223e5671e524d416b6"
}
]
}
}

140
2016/4xxx/CVE-2016-4992.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-4992", "ID": "CVE-2016-4992",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1347760", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1347760" "lang": "eng",
}, "value": "389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects."
{ }
"name" : "RHSA-2016:2594", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2594.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2016:2765", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2765.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1347760",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347760"
},
{
"name": "RHSA-2016:2594",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2594.html"
},
{
"name": "RHSA-2016:2765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2765.html"
}
]
}
}

210
2019/0xxx/CVE-2019-0018.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "sirt@juniper.net", "ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z", "DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0018", "ID": "CVE-2019-0018",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Juniper ATP: Persistent Cross-Site Scripting (XSS) vulnerability in file upload menu" "TITLE": "Juniper ATP: Persistent Cross-Site Scripting (XSS) vulnerability in file upload menu"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Juniper ATP", "product_name": "Juniper ATP",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_name" : "5", "version_name": "5",
"version_value" : "5.0.3" "version_value": "5.0.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Juniper Networks" "vendor_name": "Juniper Networks"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XSS"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.juniper.net/JSA10918", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.juniper.net/JSA10918" "lang": "eng",
} "value": "A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
] }
}, ]
"solution" : [ },
{ "exploit": [
"lang" : "eng", {
"value" : "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases." "lang": "eng",
} "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
], }
"source" : { ],
"advisory" : "JSA10918", "impact": {
"defect" : [ "cvss": {
"1365584" "attackComplexity": "LOW",
], "attackVector": "NETWORK",
"discovery" : "INTERNAL" "availabilityImpact": "NONE",
}, "baseScore": 5.4,
"work_around" : [ "baseSeverity": "MEDIUM",
{ "confidentialityImpact": "LOW",
"lang" : "eng", "integrityImpact": "LOW",
"value" : "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk." "privilegesRequired": "LOW",
} "scope": "CHANGED",
] "userInteraction": "REQUIRED",
} "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365584"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}

34
2019/0xxx/CVE-2019-0182.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-0182", "ID": "CVE-2019-0182",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

126
2019/1000xxx/CVE-2019-1000002.json
View File

@ -1,65 +1,65 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.012372", "DATE_ASSIGNED": "2019-01-22T21:21:10.012372",
"DATE_REQUESTED" : "2019-01-04T16:38:55", "DATE_REQUESTED": "2019-01-04T16:38:55",
"ID" : "CVE-2019-1000002", "ID": "CVE-2019-1000002",
"REQUESTER" : "info@jonasfranz.de", "REQUESTER": "info@jonasfranz.de",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to \"any\" repository including self-created ones.. This vulnerability appears to have been fixed in 1.6.3, 1.7.0-rc2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/go-gitea/gitea/pull/5631", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/go-gitea/gitea/pull/5631" "lang": "eng",
} "value": "Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to \"any\" repository including self-created ones.. This vulnerability appears to have been fixed in 1.6.3, 1.7.0-rc2."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/go-gitea/gitea/pull/5631",
"refsource": "MISC",
"url": "https://github.com/go-gitea/gitea/pull/5631"
}
]
}
}

124
2019/1003xxx/CVE-2019-1003015.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED" : "2019-02-06T02:59:03.176985", "DATE_ASSIGNED": "2019-02-06T02:59:03.176985",
"ID" : "CVE-2019-1003015", "ID": "CVE-2019-1003015",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins Job Import Plugin", "product_name": "Jenkins Job Import Plugin",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.1 and earlier" "version_value": "2.1 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins project" "vendor_name": "Jenkins project"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of job import to read arbitrary files, perform a denial of service attack, etc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-611"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20(1)", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20(1)" "lang": "eng",
} "value": "An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of job import to read arbitrary files, perform a denial of service attack, etc."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20(1)",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20(1)"
}
]
}
}

34
2019/3xxx/CVE-2019-3151.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-3151", "ID": "CVE-2019-3151",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/3xxx/CVE-2019-3213.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-3213", "ID": "CVE-2019-3213",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/3xxx/CVE-2019-3240.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-3240", "ID": "CVE-2019-3240",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/3xxx/CVE-2019-3708.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-3708", "ID": "CVE-2019-3708",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/4xxx/CVE-2019-4081.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-4081", "ID": "CVE-2019-4081",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/4xxx/CVE-2019-4159.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-4159", "ID": "CVE-2019-4159",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/4xxx/CVE-2019-4850.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-4850", "ID": "CVE-2019-4850",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/7xxx/CVE-2019-7217.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7217", "ID": "CVE-2019-7217",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2019/7xxx/CVE-2019-7639.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7639", "ID": "CVE-2019-7639",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1673802", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1673802" "lang": "eng",
} "value": "An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1673802",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1673802"
}
]
}
}

120
2019/7xxx/CVE-2019-7732.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7732", "ID": "CVE-2019-7732",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/rgaufman/live555/issues/20", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/rgaufman/live555/issues/20" "lang": "eng",
} "value": "In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rgaufman/live555/issues/20",
"refsource": "MISC",
"url": "https://github.com/rgaufman/live555/issues/20"
}
]
}
}

34
2019/7xxx/CVE-2019-7783.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7783", "ID": "CVE-2019-7783",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/8xxx/CVE-2019-8015.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-8015", "ID": "CVE-2019-8015",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2019/8xxx/CVE-2019-8360.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-8360", "ID": "CVE-2019-8360",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://packetstormsecurity.com/files/151706/Find-A-Place-CMS-Directory-1.5-SQL-Injection.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://packetstormsecurity.com/files/151706/Find-A-Place-CMS-Directory-1.5-SQL-Injection.html" "lang": "eng",
} "value": "Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/151706/Find-A-Place-CMS-Directory-1.5-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/151706/Find-A-Place-CMS-Directory-1.5-SQL-Injection.html"
}
]
}
}

34
2019/8xxx/CVE-2019-8661.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-8661", "ID": "CVE-2019-8661",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/8xxx/CVE-2019-8780.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-8780", "ID": "CVE-2019-8780",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/9xxx/CVE-2019-9127.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-9127", "ID": "CVE-2019-9127",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2019/9xxx/CVE-2019-9212.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-9212", "ID": "CVE-2019-9212",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/alipay/sofa-hessian/issues/34", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/alipay/sofa-hessian/issues/34" "lang": "eng",
} "value": "SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/alipay/sofa-hessian/issues/34",
"refsource": "MISC",
"url": "https://github.com/alipay/sofa-hessian/issues/34"
}
]
}
}

34
2019/9xxx/CVE-2019-9430.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-9430", "ID": "CVE-2019-9430",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/9xxx/CVE-2019-9827.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-9827", "ID": "CVE-2019-9827",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }