admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:28:21 +00:00
parent fe63604ba8
commit d86bd10584
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3849 additions and 3849 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
2006/5xxx/CVE-2006-5393.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5393",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5393",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session."
"lang": "eng",
"value": "Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20061009 Limitations in Cisco Secure Desktop",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml"
"name": "20061009 Limitations in Cisco Secure Desktop",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml"
},
{
"name" : "20410",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20410"
"name": "20410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20410"
},
{
"name" : "1017018",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017018"
"name": "1017018",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017018"
}
]
}

92
2006/5xxx/CVE-2006-5555.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5555",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5555",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in constantes.inc.php in EPNadmin 0.7 and 0.7.1 allows remote attackers to execute arbitrary PHP code via the langage parameter."
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in constantes.inc.php in EPNadmin 0.7 and 0.7.1 allows remote attackers to execute arbitrary PHP code via the langage parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "2596",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2596"
"name": "2596",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2596"
},
{
"name" : "20061026 parameter name error in vuln DBs for EPNadmin",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-October/001098.html"
"name": "22508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22508"
},
{
"name" : "20624",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20624"
"name": "20624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20624"
},
{
"name" : "ADV-2006-4167",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4167"
"name": "ADV-2006-4167",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4167"
},
{
"name" : "22508",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22508"
"name": "epnadmin-constantes-file-include(29671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29671"
},
{
"name" : "epnadmin-constantes-file-include(29671)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29671"
"name": "20061026 parameter name error in vuln DBs for EPNadmin",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-October/001098.html"
}
]
}

98
2006/5xxx/CVE-2006-5843.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5843",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5843",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2.0 allows remote attackers to inject arbitrary web script or HTML via the showRevisions parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2.0 allows remote attackers to inject arbitrary web script or HTML via the showRevisions parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20061108 Speedwiki 2.0 Arbitrary File Upload Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=116302805802656&w=2"
"name": "20061108 Speedwiki 2.0 Arbitrary File Upload Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=116302805802656&w=2"
},
{
"name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=9",
"refsource" : "MISC",
"url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=9"
"name": "speedwiki-index-xss(30132)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30132"
},
{
"name" : "20976",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20976"
"name": "22788",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22788"
},
{
"name" : "ADV-2006-4421",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4421"
"name": "ADV-2006-4421",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4421"
},
{
"name" : "1017201",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017201"
"name": "20976",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20976"
},
{
"name" : "22788",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22788"
"name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=9",
"refsource": "MISC",
"url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=9"
},
{
"name" : "speedwiki-index-xss(30132)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30132"
"name": "1017201",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017201"
}
]
}

86
2006/5xxx/CVE-2006-5942.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5942",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5942",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the category parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the category parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20061114 Inventory Manager [injection sql & xss (get)]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451553/100/0/threaded"
"name": "20061114 Inventory Manager [injection sql & xss (get)]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451553/100/0/threaded"
},
{
"name" : "21069",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21069"
"name": "1875",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1875"
},
{
"name" : "22915",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22915"
"name": "22915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22915"
},
{
"name" : "1875",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1875"
"name": "21069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21069"
},
{
"name" : "inventorymanager-displayresults-xss(30276)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30276"
"name": "inventorymanager-displayresults-xss(30276)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30276"
}
]
}

110
2007/2xxx/CVE-2007-2478.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2478",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2478",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string."
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070501 Cerulean Studios Trillian Multiple IRC Vulnerabilities",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522"
"name": "25086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25086"
},
{
"name" : "http://blog.ceruleanstudios.com/?p=131",
"refsource" : "CONFIRM",
"url" : "http://blog.ceruleanstudios.com/?p=131"
"name": "http://blog.ceruleanstudios.com/?p=131",
"refsource": "CONFIRM",
"url": "http://blog.ceruleanstudios.com/?p=131"
},
{
"name" : "23730",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23730"
"name": "trillian-urlhighlight-bo(33985)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33985"
},
{
"name" : "35721",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35721"
"name": "20070501 Cerulean Studios Trillian Multiple IRC Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522"
},
{
"name" : "ADV-2007-1596",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1596"
"name": "1017982",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017982"
},
{
"name" : "1017982",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017982"
"name": "23730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23730"
},
{
"name" : "25086",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25086"
"name": "35721",
"refsource": "OSVDB",
"url": "http://osvdb.org/35721"
},
{
"name" : "trillian-fontface-bo(33986)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33986"
"name": "ADV-2007-1596",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1596"
},
{
"name" : "trillian-urlhighlight-bo(33985)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33985"
"name": "trillian-fontface-bo(33986)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33986"
}
]
}

110
2007/2xxx/CVE-2007-2790.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2790",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2790",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP Shopping Cart 6.50, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the type parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP Shopping Cart 6.50, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the type parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070517 VP-ASP Shopping Cart 6.50 - Cross-Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/468834/100/0/threaded"
"name": "2728",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2728"
},
{
"name" : "http://redlevel.org/wp-content/uploads/vpasp-650.txt",
"refsource" : "MISC",
"url" : "http://redlevel.org/wp-content/uploads/vpasp-650.txt"
"name": "vpasp-shopcontent-xss(34345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34345"
},
{
"name" : "http://www.vpasp.com/helpnotes/fixes.asp?version=v650",
"refsource" : "MISC",
"url" : "http://www.vpasp.com/helpnotes/fixes.asp?version=v650"
"name": "36095",
"refsource": "OSVDB",
"url": "http://osvdb.org/36095"
},
{
"name" : "ADV-2007-1866",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1866"
"name": "ADV-2007-1866",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1866"
},
{
"name" : "36095",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36095"
"name": "http://redlevel.org/wp-content/uploads/vpasp-650.txt",
"refsource": "MISC",
"url": "http://redlevel.org/wp-content/uploads/vpasp-650.txt"
},
{
"name" : "1018083",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018083"
"name": "http://www.vpasp.com/helpnotes/fixes.asp?version=v650",
"refsource": "MISC",
"url": "http://www.vpasp.com/helpnotes/fixes.asp?version=v650"
},
{
"name" : "25314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25314"
"name": "25314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25314"
},
{
"name" : "2728",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2728"
"name": "1018083",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018083"
},
{
"name" : "vpasp-shopcontent-xss(34345)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34345"
"name": "20070517 VP-ASP Shopping Cart 6.50 - Cross-Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/468834/100/0/threaded"
}
]
}

92
2007/2xxx/CVE-2007-2978.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2978",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2978",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter."
"lang": "eng",
"value": "Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070529 [MajorSecurity Advisory #48]eggblog - Session fixation Issue",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/469888/100/0/threaded"
"name": "20070529 [MajorSecurity Advisory #48]eggblog - Session fixation Issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469888/100/0/threaded"
},
{
"name" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls48",
"refsource" : "MISC",
"url" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls48"
"name": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls48",
"refsource": "MISC",
"url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls48"
},
{
"name" : "36734",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36734"
"name": "25443",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25443"
},
{
"name" : "25443",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25443"
"name": "eggblog-phpsessid-session-hijacking(34549)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34549"
},
{
"name" : "2756",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2756"
"name": "36734",
"refsource": "OSVDB",
"url": "http://osvdb.org/36734"
},
{
"name" : "eggblog-phpsessid-session-hijacking(34549)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34549"
"name": "2756",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2756"
}
]
}

242
2007/3xxx/CVE-2007-3377.json
View File

@ -1,211 +1,211 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3377",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-3377",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin."
"lang": "eng",
"value": "Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070717 rPSA-2007-0142-1 perl-Net-DNS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/473871/100/0/threaded"
"name": "26231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26231"
},
{
"name" : "http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4810.html",
"refsource" : "MISC",
"url" : "http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4810.html"
"name": "26417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26417"
},
{
"name" : "http://rt.cpan.org/Public/Bug/Display.html?id=23961",
"refsource" : "CONFIRM",
"url" : "http://rt.cpan.org/Public/Bug/Display.html?id=23961"
"name": "29354",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29354"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245458",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245458"
"name": "26014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26014"
},
{
"name" : "http://www.net-dns.org/docs/Changes.html",
"refsource" : "CONFIRM",
"url" : "http://www.net-dns.org/docs/Changes.html"
"name": "RHSA-2007:0675",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0675.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm"
"name": "oval:org.mitre.oval:def:9904",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9904"
},
{
"name" : "DSA-1515",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1515"
"name": "26012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26012"
},
{
"name" : "GLSA-200708-06",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml"
"name": "DSA-1515",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1515"
},
{
"name" : "MDKSA-2007:146",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:146"
"name": "http://www.net-dns.org/docs/Changes.html",
"refsource": "CONFIRM",
"url": "http://www.net-dns.org/docs/Changes.html"
},
{
"name" : "RHSA-2007:0674",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0674.html"
"name": "SUSE-SR:2007:017",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name" : "RHSA-2007:0675",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0675.html"
"name": "26543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26543"
},
{
"name" : "20070701-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc"
"name": "netdns-dns-responses-spoofing(35112)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35112"
},
{
"name" : "SUSE-SR:2007:017",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm"
},
{
"name" : "2007-0023",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2007/0023/"
"name": "USN-483-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-483-1"
},
{
"name" : "USN-483-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-483-1"
"name": "2007-0023",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0023/"
},
{
"name" : "24669",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24669"
"name": "MDKSA-2007:146",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:146"
},
{
"name" : "37053",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37053"
"name": "RHSA-2007:0674",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0674.html"
},
{
"name" : "oval:org.mitre.oval:def:9904",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9904"
"name": "26055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26055"
},
{
"name" : "1018377",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018377"
"name": "26211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26211"
},
{
"name" : "25829",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25829"
"name": "37053",
"refsource": "OSVDB",
"url": "http://osvdb.org/37053"
},
{
"name" : "26014",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26014"
"name": "26075",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26075"
},
{
"name" : "26055",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26055"
"name": "1018377",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018377"
},
{
"name" : "26012",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26012"
"name": "26508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26508"
},
{
"name" : "26075",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26075"
"name": "24669",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24669"
},
{
"name" : "26211",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26211"
"name": "http://rt.cpan.org/Public/Bug/Display.html?id=23961",
"refsource": "CONFIRM",
"url": "http://rt.cpan.org/Public/Bug/Display.html?id=23961"
},
{
"name" : "26231",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26231"
"name": "20070701-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc"
},
{
"name" : "26417",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26417"
"name": "25829",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25829"
},
{
"name" : "26508",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26508"
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245458",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245458"
},
{
"name" : "26543",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26543"
"name": "GLSA-200708-06",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml"
},
{
"name" : "29354",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29354"
"name": "20070717 rPSA-2007-0142-1 perl-Net-DNS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473871/100/0/threaded"
},
{
"name" : "netdns-dns-responses-spoofing(35112)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35112"
"name": "http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4810.html",
"refsource": "MISC",
"url": "http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4810.html"
}
]
}

86
2007/3xxx/CVE-2007-3433.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3433",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3433",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action."
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "4095",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4095"
"name": "24602",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24602"
},
{
"name" : "24602",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24602"
"name": "38224",
"refsource": "OSVDB",
"url": "http://osvdb.org/38224"
},
{
"name" : "ADV-2007-2308",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2308"
"name": "pharmacysystem-index-sql-injection(35010)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35010"
},
{
"name" : "38224",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38224"
"name": "ADV-2007-2308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2308"
},
{
"name" : "pharmacysystem-index-sql-injection(35010)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35010"
"name": "4095",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4095"
}
]
}

104
2007/3xxx/CVE-2007-3985.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3985",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3985",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a .. (dot dot) in the name parameter."
"lang": "eng",
"value": "Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a .. (dot dot) in the name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070720 Secure Computing - Security Reporter Auth Bypass and Directory Traversal Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=118522960430476&w=2"
"name": "http://www.securecomputing.com/index.cfm?skey=1429",
"refsource": "CONFIRM",
"url": "http://www.securecomputing.com/index.cfm?skey=1429"
},
{
"name" : "http://www.oliverkarow.de/research/securityreporter.txt",
"refsource" : "MISC",
"url" : "http://www.oliverkarow.de/research/securityreporter.txt"
"name": "26167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26167"
},
{
"name" : "http://www.securecomputing.com/index.cfm?skey=1429",
"refsource" : "CONFIRM",
"url" : "http://www.securecomputing.com/index.cfm?skey=1429"
"name": "securityreporter-name-directory-traversal(35585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35585"
},
{
"name" : "25027",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25027"
"name": "25027",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25027"
},
{
"name" : "43770",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/43770"
"name": "1018443",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018443"
},
{
"name" : "1018443",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018443"
"name": "43770",
"refsource": "OSVDB",
"url": "http://osvdb.org/43770"
},
{
"name" : "26167",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26167"
"name": "http://www.oliverkarow.de/research/securityreporter.txt",
"refsource": "MISC",
"url": "http://www.oliverkarow.de/research/securityreporter.txt"
},
{
"name" : "securityreporter-name-directory-traversal(35585)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35585"
"name": "20070720 Secure Computing - Security Reporter Auth Bypass and Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=118522960430476&w=2"
}
]
}

86
2007/6xxx/CVE-2007-6322.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6322",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6322",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
"lang": "eng",
"value": "Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "4729",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4729"
"name": "xml2owl-filedownload-directory-traversal(39010)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39010"
},
{
"name" : "26849",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26849"
"name": "26849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26849"
},
{
"name" : "40090",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40090"
"name": "40090",
"refsource": "OSVDB",
"url": "http://osvdb.org/40090"
},
{
"name" : "28071",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28071"
"name": "28071",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28071"
},
{
"name" : "xml2owl-filedownload-directory-traversal(39010)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39010"
"name": "4729",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4729"
}
]
}

98
2007/6xxx/CVE-2007-6468.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6468",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6468",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. NOTE: some of these details are obtained from third party information."
"lang": "eng",
"value": "Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=562016&group_id=124987",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=562016&group_id=124987"
"name": "http://uhexen2.cvs.sourceforge.net/uhexen2/hexenworld/Client/huffman.c?r1=1.24&r2=1.25",
"refsource": "CONFIRM",
"url": "http://uhexen2.cvs.sourceforge.net/uhexen2/hexenworld/Client/huffman.c?r1=1.24&r2=1.25"
},
{
"name" : "http://uhexen2.cvs.sourceforge.net/uhexen2/hexenworld/Client/huffman.c?r1=1.24&r2=1.25",
"refsource" : "CONFIRM",
"url" : "http://uhexen2.cvs.sourceforge.net/uhexen2/hexenworld/Client/huffman.c?r1=1.24&r2=1.25"
"name": "http://uhexen2.cvs.sourceforge.net/uhexen2/hw_utils/hwrcon/huffman.c?r1=1.18&r2=1.19",
"refsource": "CONFIRM",
"url": "http://uhexen2.cvs.sourceforge.net/uhexen2/hw_utils/hwrcon/huffman.c?r1=1.18&r2=1.19"
},
{
"name" : "http://uhexen2.cvs.sourceforge.net/uhexen2/hw_utils/hwrcon/huffman.c?r1=1.18&r2=1.19",
"refsource" : "CONFIRM",
"url" : "http://uhexen2.cvs.sourceforge.net/uhexen2/hw_utils/hwrcon/huffman.c?r1=1.18&r2=1.19"
"name": "26893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26893"
},
{
"name" : "26893",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26893"
"name": "28124",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28124"
},
{
"name" : "ADV-2007-4239",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4239"
"name": "42641",
"refsource": "OSVDB",
"url": "http://osvdb.org/42641"
},
{
"name" : "42641",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/42641"
"name": "http://sourceforge.net/project/shownotes.php?release_id=562016&group_id=124987",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=562016&group_id=124987"
},
{
"name" : "28124",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28124"
"name": "ADV-2007-4239",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4239"
}
]
}

98
2007/6xxx/CVE-2007-6497.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6497",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6497",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219."
"lang": "eng",
"value": "Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485028/100/0/threaded"
"name": "28973",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28973"
},
{
"name" : "4730",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4730"
"name": "20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485028/100/0/threaded"
},
{
"name" : "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html",
"refsource" : "CONFIRM",
"url" : "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html"
"name": "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html",
"refsource": "CONFIRM",
"url": "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html"
},
{
"name" : "26862",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26862"
"name": "3474",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3474"
},
{
"name" : "1019222",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019222"
"name": "4730",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4730"
},
{
"name" : "28973",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28973"
"name": "26862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26862"
},
{
"name" : "3474",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3474"
"name": "1019222",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019222"
}
]
}

110
2007/6xxx/CVE-2007-6597.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6597",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6597",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before Build 033 allow remote attackers to inject arbitrary web script or HTML via the (1) KW and (2) SF parameters to forum/login_user.asp, and (3) the Date parameter to blogs.asp."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before Build 033 allow remote attackers to inject arbitrary web script or HTML via the (1) KW and (2) SF parameters to forum/login_user.asp, and (3) the Date parameter to blogs.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20071227 IPortalX Forums Cross-Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485546/100/0/threaded"
"name": "20071227 IPortalX Forums Cross-Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485546/100/0/threaded"
},
{
"name" : "http://www.hackerscenter.com/Archive/view.asp?id=28137",
"refsource" : "MISC",
"url" : "http://www.hackerscenter.com/Archive/view.asp?id=28137"
"name": "3504",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3504"
},
{
"name" : "http://www.iportalx.net/forum/forum_posts.asp?TID=3465&PN=1",
"refsource" : "CONFIRM",
"url" : "http://www.iportalx.net/forum/forum_posts.asp?TID=3465&PN=1"
"name": "39861",
"refsource": "OSVDB",
"url": "http://osvdb.org/39861"
},
{
"name" : "27044",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27044"
"name": "39860",
"refsource": "OSVDB",
"url": "http://osvdb.org/39860"
},
{
"name" : "39860",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39860"
"name": "27044",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27044"
},
{
"name" : "39861",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39861"
"name": "http://www.iportalx.net/forum/forum_posts.asp?TID=3465&PN=1",
"refsource": "CONFIRM",
"url": "http://www.iportalx.net/forum/forum_posts.asp?TID=3465&PN=1"
},
{
"name" : "28252",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28252"
"name": "http://www.hackerscenter.com/Archive/view.asp?id=28137",
"refsource": "MISC",
"url": "http://www.hackerscenter.com/Archive/view.asp?id=28137"
},
{
"name" : "3504",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3504"
"name": "28252",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28252"
},
{
"name" : "iportalx-loginuser-blogs-xss(39249)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39249"
"name": "iportalx-loginuser-blogs-xss(39249)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39249"
}
]
}

74
2010/0xxx/CVE-2010-0020.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0020",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0020",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka \"SMB Pathname Overflow Vulnerability.\""
"lang": "eng",
"value": "The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka \"SMB Pathname Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS10-012",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-012"
"name": "oval:org.mitre.oval:def:8438",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8438"
},
{
"name" : "TA10-040A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-040A.html"
"name": "TA10-040A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html"
},
{
"name" : "oval:org.mitre.oval:def:8438",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8438"
"name": "MS10-012",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-012"
}
]
}

68
2010/0xxx/CVE-2010-0140.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0140",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0140",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661."
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20100127 Multiple Vulnerabilities in Cisco Unified MeetingPlace",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml"
"name": "20100127 Multiple Vulnerabilities in Cisco Unified MeetingPlace",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml"
},
{
"name" : "37965",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37965"
"name": "37965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37965"
}
]
}

80
2010/0xxx/CVE-2010-0514.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0514",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0514",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding."
"lang": "eng",
"value": "Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
"name": "oval:org.mitre.oval:def:7043",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7043"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name" : "APPLE-SA-2010-03-30-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
"name": "APPLE-SA-2010-03-30-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
},
{
"name" : "oval:org.mitre.oval:def:7043",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7043"
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
}
]
}

68
2010/0xxx/CVE-2010-0968.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0968",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0968",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 allows remote attackers to execute arbitrary SQL commands via the click parameter."
"lang": "eng",
"value": "SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 allows remote attackers to execute arbitrary SQL commands via the click parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "11721",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11721"
"name": "11721",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11721"
},
{
"name" : "ADV-2010-0612",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0612"
"name": "ADV-2010-0612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0612"
}
]
}

74
2010/0xxx/CVE-2010-0970.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0970",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0970",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information."
"lang": "eng",
"value": "SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "11737",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11737"
"name": "phpmylogon-phpmylogon-sql-injection(56868)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56868"
},
{
"name" : "ADV-2010-0614",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0614"
"name": "ADV-2010-0614",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0614"
},
{
"name" : "phpmylogon-phpmylogon-sql-injection(56868)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56868"
"name": "11737",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11737"
}
]
}

80
2010/1xxx/CVE-2010-1287.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1287",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-1287",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291."
"lang": "eng",
"value": "Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
"name": "38751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38751"
},
{
"name" : "oval:org.mitre.oval:def:6803",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6803"
"name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
},
{
"name" : "38751",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38751"
"name": "ADV-2010-1128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1128"
},
{
"name" : "ADV-2010-1128",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1128"
"name": "oval:org.mitre.oval:def:6803",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6803"
}
]
}

74
2010/1xxx/CVE-2010-1892.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1892",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-1892",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka \"IPv6 Memory Corruption Vulnerability.\""
"lang": "eng",
"value": "The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka \"IPv6 Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS10-058",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-058"
"name": "TA10-222A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name" : "TA10-222A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
"name": "MS10-058",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-058"
},
{
"name" : "oval:org.mitre.oval:def:11845",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11845"
"name": "oval:org.mitre.oval:def:11845",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11845"
}
]
}

74
2014/0xxx/CVE-2014-0133.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0133",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0133",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request."
"lang": "eng",
"value": "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[nginx-announce] 20140318 nginx security advisory (CVE-2014-0133)",
"refsource" : "MLIST",
"url" : "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
"name": "[nginx-announce] 20140318 nginx security advisory (CVE-2014-0133)",
"refsource": "MLIST",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
},
{
"name" : "openSUSE-SU-2014:0450",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html"
"name": "openSUSE-SU-2014:0450",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html"
},
{
"name" : "66537",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66537"
"name": "66537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66537"
}
]
}

92
2014/0xxx/CVE-2014-0295.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0295",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-0295",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka \"VSAVB7RT ASLR Vulnerability.\""
"lang": "eng",
"value": "VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka \"VSAVB7RT ASLR Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.greyhathacker.net/?p=585",
"refsource" : "MISC",
"url" : "http://www.greyhathacker.net/?p=585"
"name": "1029745",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029745"
},
{
"name" : "MS14-009",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009"
"name": "103164",
"refsource": "OSVDB",
"url": "http://osvdb.org/103164"
},
{
"name" : "65418",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65418"
"name": "65418",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65418"
},
{
"name" : "103164",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/103164"
"name": "http://www.greyhathacker.net/?p=585",
"refsource": "MISC",
"url": "http://www.greyhathacker.net/?p=585"
},
{
"name" : "1029745",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029745"
"name": "56793",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56793"
},
{
"name" : "56793",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56793"
"name": "MS14-009",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009"
}
]
}

68
2014/0xxx/CVE-2014-0941.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0941",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0941",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0942."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0942."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671686",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671686"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671686",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671686"
},
{
"name" : "ibm-netcoolomnibus-cve20140941-xss(92400)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92400"
"name": "ibm-netcoolomnibus-cve20140941-xss(92400)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92400"
}
]
}

104
2014/10xxx/CVE-2014-10035.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-10035",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10035",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the (3) affiliate_url, (4) description, (5) domain, (6) seo[description], (7) seo[heading], (8) seo[title], (9) seo[keywords], (10) setting[logo], (11) setting[perpage], or (12) setting[sitename] to admin/index.php."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the (3) affiliate_url, (4) description, (5) domain, (6) seo[description], (7) seo[heading], (8) seo[title], (9) seo[keywords], (10) setting[logo], (11) setting[perpage], or (12) setting[sitename] to admin/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "32037",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/32037"
"name": "http://couponphp.com/changelog",
"refsource": "CONFIRM",
"url": "http://couponphp.com/changelog"
},
{
"name" : "http://packetstormsecurity.com/files/125480",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/125480"
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5170.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5170.php"
},
{
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5170.php",
"refsource" : "MISC",
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5170.php"
"name": "57177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57177"
},
{
"name" : "http://couponphp.com/changelog",
"refsource" : "CONFIRM",
"url" : "http://couponphp.com/changelog"
"name": "103886",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/103886"
},
{
"name" : "103886",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/103886"
"name": "103897",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/103897"
},
{
"name" : "103887",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/103887"
"name": "103887",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/103887"
},
{
"name" : "103897",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/103897"
"name": "32037",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32037"
},
{
"name" : "57177",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57177"
"name": "http://packetstormsecurity.com/files/125480",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125480"
}
]
}

62
2014/1xxx/CVE-2014-1262.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1262",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1262",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption."
"lang": "eng",
"value": "Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://support.apple.com/kb/HT6150",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6150"
"name": "http://support.apple.com/kb/HT6150",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6150"
}
]
}

92
2014/1xxx/CVE-2014-1364.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1364",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1364",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4."
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.apple.com/kb/HT6537",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6537"
"name": "https://support.apple.com/kb/HT6537",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6537"
},
{
"name" : "APPLE-SA-2014-06-30-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html"
"name": "APPLE-SA-2014-06-30-4",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"name" : "APPLE-SA-2014-06-30-3",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
"name": "APPLE-SA-2014-06-30-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name" : "APPLE-SA-2014-06-30-4",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
"name": "59481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59481"
},
{
"name" : "1030495",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030495"
"name": "1030495",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030495"
},
{
"name" : "59481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59481"
"name": "APPLE-SA-2014-06-30-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html"
}
]
}

22
2014/1xxx/CVE-2014-1847.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1847",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1847",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

140
2014/4xxx/CVE-2014-4223.json
View File

@ -1,126 +1,126 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4223",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4223",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483."
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
"name": "DSA-2987",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2987"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
"name": "oracle-cpujul2014-cve20144223(94594)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94594"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
"name": "68590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68590"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name" : "DSA-2987",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2987"
"name": "HPSBUX03091",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "GLSA-201502-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml"
"name": "1030577",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030577"
},
{
"name" : "HPSBUX03091",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
"name": "SSRT101667",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "SSRT101667",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
"name": "60812",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60812"
},
{
"name" : "RHSA-2014:0902",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0902"
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "68590",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68590"
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name" : "1030577",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030577"
"name": "60485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60485"
},
{
"name" : "60485",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60485"
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name" : "60812",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60812"
"name": "RHSA-2014:0902",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0902"
},
{
"name" : "oracle-cpujul2014-cve20144223(94594)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94594"
"name": "GLSA-201502-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"
}
]
}

116
2014/4xxx/CVE-2014-4462.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4462",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4462",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452."
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.apple.com/en-us/HT6590",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/en-us/HT6590"
"name": "APPLE-SA-2014-11-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"
},
{
"name" : "https://support.apple.com/en-us/HT6592",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/en-us/HT6592"
"name": "APPLE-SA-2014-11-17-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html"
},
{
"name" : "https://support.apple.com/en-us/HT204418",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/en-us/HT204418"
"name": "62505",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62505"
},
{
"name" : "APPLE-SA-2014-11-17-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"
"name": "https://support.apple.com/en-us/HT6590",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT6590"
},
{
"name" : "APPLE-SA-2014-11-17-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html"
"name": "1031231",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031231"
},
{
"name" : "71142",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71142"
"name": "62504",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62504"
},
{
"name" : "1031231",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031231"
"name": "appletv-cve20144462-code-exec(98772)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98772"
},
{
"name" : "62504",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62504"
"name": "71142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71142"
},
{
"name" : "62505",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62505"
"name": "https://support.apple.com/en-us/HT204418",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT204418"
},
{
"name" : "appletv-cve20144462-code-exec(98772)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98772"
"name": "https://support.apple.com/en-us/HT6592",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT6592"
}
]
}

62
2014/4xxx/CVE-2014-4572.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4572",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4572",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) bvcurl parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) bvcurl parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://codevigilant.com/disclosure/wp-plugin-votecount-for-balatarin-a3-cross-site-scripting-xss",
"refsource" : "MISC",
"url" : "http://codevigilant.com/disclosure/wp-plugin-votecount-for-balatarin-a3-cross-site-scripting-xss"
"name": "http://codevigilant.com/disclosure/wp-plugin-votecount-for-balatarin-a3-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-votecount-for-balatarin-a3-cross-site-scripting-xss"
}
]
}

74
2014/4xxx/CVE-2014-4594.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4594",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4594",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://codevigilant.com/disclosure/wp-plugin-wp-responsive-preview-a3-cross-site-scripting-xss",
"refsource" : "MISC",
"url" : "http://codevigilant.com/disclosure/wp-plugin-wp-responsive-preview-a3-cross-site-scripting-xss"
"name": "http://codevigilant.com/disclosure/wp-plugin-wp-responsive-preview-a3-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-wp-responsive-preview-a3-cross-site-scripting-xss"
},
{
"name" : "http://wordpress.org/plugins/wp-responsive-preview/changelog",
"refsource" : "MISC",
"url" : "http://wordpress.org/plugins/wp-responsive-preview/changelog"
"name": "http://wordpress.org/plugins/wp-responsive-preview/changelog",
"refsource": "MISC",
"url": "http://wordpress.org/plugins/wp-responsive-preview/changelog"
},
{
"name" : "68408",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68408"
"name": "68408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68408"
}
]
}

74
2014/4xxx/CVE-2014-4646.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4646",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4646",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK DLL before 3.1.1.5005 allows context-dependent attackers to execute arbitrary code via unspecified vectors."
"lang": "eng",
"value": "Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK DLL before 3.1.1.5005 allows context-dependent attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-214",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-214"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-214",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-214"
},
{
"name" : "http://www.foxitsoftware.com/support/security_bulletins.php#FRD-20",
"refsource" : "CONFIRM",
"url" : "http://www.foxitsoftware.com/support/security_bulletins.php#FRD-20"
"name": "59494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59494"
},
{
"name" : "59494",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59494"
"name": "http://www.foxitsoftware.com/support/security_bulletins.php#FRD-20",
"refsource": "CONFIRM",
"url": "http://www.foxitsoftware.com/support/security_bulletins.php#FRD-20"
}
]
}

86
2014/5xxx/CVE-2014-5271.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5271",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5271",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors."
"lang": "eng",
"value": "Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803"
"name": "111725",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/111725"
},
{
"name" : "https://www.ffmpeg.org/security.html",
"refsource" : "CONFIRM",
"url" : "https://www.ffmpeg.org/security.html"
"name": "69250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69250"
},
{
"name" : "GLSA-201603-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-06"
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803"
},
{
"name" : "69250",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69250"
"name": "GLSA-201603-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-06"
},
{
"name" : "111725",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/111725"
"name": "https://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "https://www.ffmpeg.org/security.html"
}
]
}

22
2014/5xxx/CVE-2014-5287.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5287",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5287",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2014/5xxx/CVE-2014-5719.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5719",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5719",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The BIKE RACING 2014 (aka com.timuzsolutions.bikeracing2014) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The BIKE RACING 2014 (aka com.timuzsolutions.bikeracing2014) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#255225",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/255225"
},
{
"name" : "VU#255225",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/255225"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

62
2016/10xxx/CVE-2016-10583.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2016-10583",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-10583",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "closure-utils is Utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
"lang": "eng",
"value": "closure-utils is Utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://nodesecurity.io/advisories/165",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/165"
"name": "https://nodesecurity.io/advisories/165",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/165"
}
]
}

80
2016/3xxx/CVE-2016-3109.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3109",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3109",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code."
"lang": "eng",
"value": "The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20160423 Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/538173/100/0/threaded"
"name": "https://github.com/shopware/shopware/commit/d73e9031a5b2ab6e918eb86d1e2b2e873cd3558d",
"refsource": "CONFIRM",
"url": "https://github.com/shopware/shopware/commit/d73e9031a5b2ab6e918eb86d1e2b2e873cd3558d"
},
{
"name" : "http://packetstormsecurity.com/files/136781/Shopware-Remote-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/136781/Shopware-Remote-Code-Execution.html"
"name": "http://packetstormsecurity.com/files/136781/Shopware-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136781/Shopware-Remote-Code-Execution.html"
},
{
"name" : "https://github.com/shopware/shopware/commit/d73e9031a5b2ab6e918eb86d1e2b2e873cd3558d",
"refsource" : "CONFIRM",
"url" : "https://github.com/shopware/shopware/commit/d73e9031a5b2ab6e918eb86d1e2b2e873cd3558d"
"name": "97979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97979"
},
{
"name" : "97979",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97979"
"name": "20160423 Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538173/100/0/threaded"
}
]
}

74
2016/3xxx/CVE-2016-3287.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3287",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3287",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative access to install a crafted policy, aka \"Secure Boot Security Feature Bypass.\""
"lang": "eng",
"value": "Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative access to install a crafted policy, aka \"Secure Boot Security Feature Bypass.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS16-094",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-094"
"name": "91604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91604"
},
{
"name" : "91604",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91604"
"name": "1036290",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036290"
},
{
"name" : "1036290",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036290"
"name": "MS16-094",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-094"
}
]
}

62
2016/3xxx/CVE-2016-3738.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3738",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3738",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod."
"lang": "eng",
"value": "Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "RHSA-2016:1094",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1094"
"name": "RHSA-2016:1094",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1094"
}
]
}

22
2016/7xxx/CVE-2016-7684.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7684",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7684",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}

110
2016/7xxx/CVE-2016-7944.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7944",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2016-7944",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync."
"lang": "eng",
"value": "Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/04/4"
"name": "1036945",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036945"
},
{
"name" : "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/04/2"
"name": "93361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93361"
},
{
"name" : "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
"refsource" : "MLIST",
"url" : "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
"name": "GLSA-201704-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"name" : "https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e",
"refsource" : "CONFIRM",
"url" : "https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e"
"name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
"refsource": "MLIST",
"url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
},
{
"name" : "FEDORA-2016-72d7f05b90",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GE43MDCRGS4R7MRRZNVSLREHRLU5OHCV/"
"name": "FEDORA-2016-72d7f05b90",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GE43MDCRGS4R7MRRZNVSLREHRLU5OHCV/"
},
{
"name" : "FEDORA-2016-ff5a2f4839",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CE6VJWBMOWLSCH4OP4TAEPIA7NP53ON/"
"name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
},
{
"name" : "GLSA-201704-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201704-03"
"name": "FEDORA-2016-ff5a2f4839",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CE6VJWBMOWLSCH4OP4TAEPIA7NP53ON/"
},
{
"name" : "93361",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93361"
"name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
},
{
"name" : "1036945",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036945"
"name": "https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e"
}
]
}

62
2016/8xxx/CVE-2016-8012.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"ID" : "CVE-2016-8012",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2016-8012",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Data Loss Prevention Endpoint (DLPe)",
"version" : {
"version_data" : [
"product_name": "Data Loss Prevention Endpoint (DLPe)",
"version": {
"version_data": [
{
"version_value" : "9.4.200 and 9.3.600"
"version_value": "9.4.200 and 9.3.600"
}
]
}
}
]
},
"vendor_name" : "Intel"
"vendor_name": "Intel"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get."
"lang": "eng",
"value": "Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Access control vulnerability"
"lang": "eng",
"value": "Access control vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10185",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10185"
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10185",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10185"
}
]
}

80
2016/8xxx/CVE-2016-8019.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"ID" : "CVE-2016-8019",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2016-8019",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "VirusScan Enterprise Linux (VSEL)",
"version" : {
"version_data" : [
"product_name": "VirusScan Enterprise Linux (VSEL)",
"version": {
"version_data": [
{
"version_value" : "2.0.3 (and earlier)"
"version_value": "2.0.3 (and earlier)"
}
]
}
}
]
},
"vendor_name" : "Intel"
"vendor_name": "Intel"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability"
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "40911",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40911/"
"name": "94823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94823"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10181",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10181"
"name": "1037433",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037433"
},
{
"name" : "94823",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94823"
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10181",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10181"
},
{
"name" : "1037433",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037433"
"name": "40911",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40911/"
}
]
}

22
2016/8xxx/CVE-2016-8558.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8558",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8558",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}

80
2016/9xxx/CVE-2016-9455.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2016-9455",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9455",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Revive Adserver All versions before 3.2.3",
"version" : {
"version_data" : [
"product_name": "Revive Adserver All versions before 3.2.3",
"version": {
"version_data": [
{
"version_value" : "Revive Adserver All versions before 3.2.3"
"version_value": "Revive Adserver All versions before 3.2.3"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`."
"lang": "eng",
"value": "Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-Site Request Forgery (CSRF) (CWE-352)"
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) (CWE-352)"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45",
"refsource" : "MISC",
"url" : "https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45"
"name": "https://hackerone.com/reports/97123",
"refsource": "MISC",
"url": "https://hackerone.com/reports/97123"
},
{
"name" : "https://hackerone.com/reports/97123",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/97123"
"name": "https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45"
},
{
"name" : "https://www.revive-adserver.com/security/revive-sa-2016-001/",
"refsource" : "MISC",
"url" : "https://www.revive-adserver.com/security/revive-sa-2016-001/"
"name": "83964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83964"
},
{
"name" : "83964",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/83964"
"name": "https://www.revive-adserver.com/security/revive-sa-2016-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
]
}

92
2016/9xxx/CVE-2016-9832.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9832",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9832",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report."
"lang": "eng",
"value": "PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20161207 [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/539883/100/0/threaded"
"name": "http://www.securityfocus.com/archive/1/539883/30/0/threaded",
"refsource": "MISC",
"url": "http://www.securityfocus.com/archive/1/539883/30/0/threaded"
},
{
"name" : "20161209 [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Dec/33"
"name": "94733",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94733"
},
{
"name" : "http://www.securityfocus.com/archive/1/539883/30/0/threaded",
"refsource" : "MISC",
"url" : "http://www.securityfocus.com/archive/1/539883/30/0/threaded"
"name": "http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html"
},
{
"name" : "https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security",
"refsource" : "MISC",
"url" : "https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security"
"name": "20161209 [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Dec/33"
},
{
"name" : "http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html"
"name": "https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security",
"refsource": "MISC",
"url": "https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security"
},
{
"name" : "94733",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94733"
"name": "20161207 [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539883/100/0/threaded"
}
]
}

22
2019/2xxx/CVE-2019-2069.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2069",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2069",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/2xxx/CVE-2019-2113.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2113",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2113",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

88
2019/2xxx/CVE-2019-2449.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2449",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2449",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Java",
"version" : {
"version_data" : [
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "Java SE: 8u192"
"version_affected": "=",
"version_value": "Java SE: 8u192"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
"lang": "eng",
"value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE."
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "106597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106597"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20190118-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20190118-0001/"
"name": "https://security.netapp.com/advisory/ntap-20190118-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190118-0001/"
},
{
"name" : "RHSA-2019:0469",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0469"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "RHSA-2019:0472",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0472"
"name": "RHSA-2019:0469",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0469"
},
{
"name" : "106597",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106597"
"name": "RHSA-2019:0472",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0472"
}
]
}

74
2019/2xxx/CVE-2019-2479.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2479",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2479",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "8.5.3"
"version_affected": "=",
"version_value": "8.5.3"
},
{
"version_affected" : "=",
"version_value" : "8.5.4"
"version_affected": "=",
"version_value": "8.5.4"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology."
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106569",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106569"
"name": "106569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106569"
}
]
}

22
2019/2xxx/CVE-2019-2924.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2924",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2924",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/6xxx/CVE-2019-6323.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6323",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6323",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/6xxx/CVE-2019-6981.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6981",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6981",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}