admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:23:50 +00:00
parent 68815d30b9
commit e1b265885d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
49 changed files with 3338 additions and 3338 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2007/2xxx/CVE-2007-2182.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2182", "ID": "CVE-2007-2182",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in forum_write.php in Maran PHP Forum allows remote attackers to upload and execute arbitrary PHP files via a trailing %00 in a filename in the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "3775", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/3775" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in forum_write.php in Maran PHP Forum allows remote attackers to upload and execute arbitrary PHP files via a trailing %00 in a filename in the page parameter."
{ }
"name" : "23614", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/23614" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-1493", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1493" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "24968", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/24968" ]
}, },
{ "references": {
"name" : "maranforum-pagename-code-execution(33802)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33802" "name": "3775",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/3775"
} },
} {
"name": "maranforum-pagename-code-execution(33802)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33802"
},
{
"name": "23614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23614"
},
{
"name": "ADV-2007-1493",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1493"
},
{
"name": "24968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24968"
}
]
}
}

260
2007/2xxx/CVE-2007-2581.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2581", "ID": "CVE-2007-2581",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in \"every main page,\" as demonstrated by default.aspx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070504 XSS in Microsoft SharePoint", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/467738/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in \"every main page,\" as demonstrated by default.aspx."
{ }
"name" : "20070505 RE: XSS in Microsoft SharePoint", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/467749/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20070513 Re: XSS in Microsoft SharePoint", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2007-05/0196.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBST02280", ]
"refsource" : "HP", }
"url" : "http://www.securityfocus.com/archive/1/482366/100/0/threaded" ]
}, },
{ "references": {
"name" : "SSRT071480", "reference_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/482366/100/0/threaded" "name": "oval:org.mitre.oval:def:2286",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2286"
"name" : "MS07-059", },
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-059" "name": "23832",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/23832"
"name" : "TA07-282A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-282A.html" "name": "MS07-059",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-059"
"name" : "23832", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/23832" "name": "1018789",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1018789"
"name" : "37630", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37630" "name": "20070513 Re: XSS in Microsoft SharePoint",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2007-05/0196.html"
"name" : "ADV-2007-3439", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3439" "name": "HPSBST02280",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
"name" : "oval:org.mitre.oval:def:2286", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2286" "name": "SSRT071480",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
"name" : "1018789", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1018789" "name": "37630",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/37630"
"name" : "27148", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27148" "name": "sharepoint-default-pathinfo-xss(34343)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34343"
"name" : "2682", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2682" "name": "20070504 XSS in Microsoft SharePoint",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/467738/100/0/threaded"
"name" : "sharepoint-default-pathinfo-xss(34343)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34343" "name": "27148",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/27148"
} },
} {
"name": "ADV-2007-3439",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3439"
},
{
"name": "2682",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2682"
},
{
"name": "20070505 RE: XSS in Microsoft SharePoint",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467749/100/0/threaded"
},
{
"name": "TA07-282A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
}
]
}
}

150
2007/3xxx/CVE-2007-3063.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3063", "ID": "CVE-2007-3063",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070604 My Datebook SQL Injection + XSS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/470483/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter."
{ }
"name" : "24311", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24311" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38384", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/38384" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "mydatabook-diary-sql-injection(34716)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34716" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20070604 My Datebook SQL Injection + XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470483/100/0/threaded"
},
{
"name": "24311",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24311"
},
{
"name": "mydatabook-diary-sql-injection(34716)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34716"
},
{
"name": "38384",
"refsource": "OSVDB",
"url": "http://osvdb.org/38384"
}
]
}
}

140
2007/3xxx/CVE-2007-3373.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3373", "ID": "CVE-2007-3373",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear a buffer for reading requests, which might allow local users to obtain sensitive information from previous requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[cluster-devel] 20070619 cluster/cman/daemon daemon.c", "description_data": [
"refsource" : "MLIST", {
"url" : "https://www.redhat.com/archives/cluster-devel/2007-June/msg00130.html" "lang": "eng",
}, "value": "daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear a buffer for reading requests, which might allow local users to obtain sensitive information from previous requests."
{ }
"name" : "45381", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/45381" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "clusterproject-proc-information-disclosure(35152)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35152" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "45381",
"refsource": "OSVDB",
"url": "http://osvdb.org/45381"
},
{
"name": "clusterproject-proc-information-disclosure(35152)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35152"
},
{
"name": "[cluster-devel] 20070619 cluster/cman/daemon daemon.c",
"refsource": "MLIST",
"url": "https://www.redhat.com/archives/cluster-devel/2007-June/msg00130.html"
}
]
}
}

180
2007/3xxx/CVE-2007-3647.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3647", "ID": "CVE-2007-3647",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to \"traffic.\" NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070706 phpTrafficA <=1.4.3 Admin Login Bypass", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/473041/100/0/threaded" "lang": "eng",
}, "value": "The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to \"traffic.\" NOTE: some of these details are obtained from third party information."
{ }
"name" : "http://corryl.altervista.org/index.php?mod=read&id=1183748959", ]
"refsource" : "MISC", },
"url" : "http://corryl.altervista.org/index.php?mod=read&id=1183748959" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "24823", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24823" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "37477", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/37477" ]
}, },
{ "references": {
"name" : "25976", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25976" "name": "25976",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25976"
"name" : "2870", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2870" "name": "http://corryl.altervista.org/index.php?mod=read&id=1183748959",
}, "refsource": "MISC",
{ "url": "http://corryl.altervista.org/index.php?mod=read&id=1183748959"
"name" : "phptraffica-username-security-bypass(35290)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35290" "name": "20070706 phpTrafficA <=1.4.3 Admin Login Bypass",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/473041/100/0/threaded"
} },
} {
"name": "phptraffica-username-security-bypass(35290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35290"
},
{
"name": "2870",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2870"
},
{
"name": "24823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24823"
},
{
"name": "37477",
"refsource": "OSVDB",
"url": "http://osvdb.org/37477"
}
]
}
}

400
2007/3xxx/CVE-2007-3655.json
View File

@ -1,202 +1,202 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3655", "ID": "CVE-2007-3655",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070709 EEYE: Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/473224/100/0/threaded" "lang": "eng",
}, "value": "Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file."
{ }
"name" : "20070711 SUN Java JNLP Overflow", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/473356/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30284", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/30284" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20070711 SUN Java JNLP Overflow", ]
"refsource" : "FULLDISC", }
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.html" ]
}, },
{ "references": {
"name" : "http://research.eeye.com/html/advisories/published/AD20070705.html", "reference_data": [
"refsource" : "MISC", {
"url" : "http://research.eeye.com/html/advisories/published/AD20070705.html" "name": "RHSA-2007:0818",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html"
"name" : "http://docs.info.apple.com/article.html?artnum=307177", },
"refsource" : "MISC", {
"url" : "http://docs.info.apple.com/article.html?artnum=307177" "name": "37756",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/37756"
"name" : "APPLE-SA-2007-12-14", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" "name": "http://docs.info.apple.com/article.html?artnum=307177",
}, "refsource": "MISC",
{ "url": "http://docs.info.apple.com/article.html?artnum=307177"
"name" : "GLSA-200804-20", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" "name": "ADV-2007-2477",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2477"
"name" : "GLSA-200804-28", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200804-28.xml" "name": "26314",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26314"
"name" : "GLSA-200806-11", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" "name": "24832",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/24832"
"name" : "RHSA-2007:0818", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0818.html" "name": "26369",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26369"
"name" : "RHSA-2007:0829", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0829.html" "name": "sun-java-jnlp-bo(35320)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35320"
"name" : "102996", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1" "name": "GLSA-200804-28",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
"name" : "SUSE-SA:2007:056", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html" "name": "29858",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29858"
"name" : "24832", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24832" "name": "APPLE-SA-2007-12-14",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
"name" : "37756", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37756" "name": "25981",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25981"
"name" : "oval:org.mitre.oval:def:11367", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11367" "name": "2874",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/2874"
"name" : "ADV-2007-2477", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2477" "name": "http://research.eeye.com/html/advisories/published/AD20070705.html",
}, "refsource": "MISC",
{ "url": "http://research.eeye.com/html/advisories/published/AD20070705.html"
"name" : "ADV-2007-4224", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/4224" "name": "1018346",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018346"
"name" : "1018346", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018346" "name": "ADV-2007-4224",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/4224"
"name" : "25981", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25981" "name": "20070711 SUN Java JNLP Overflow",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/473356/100/0/threaded"
"name" : "26314", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26314" "name": "30780",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30780"
"name" : "26369", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26369" "name": "20070709 EEYE: Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/473224/100/0/threaded"
"name" : "27266", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27266" "name": "27266",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27266"
"name" : "28115", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28115" "name": "102996",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1"
"name" : "29858", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29858" "name": "SUSE-SA:2007:056",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html"
"name" : "30780", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30780" "name": "oval:org.mitre.oval:def:11367",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11367"
"name" : "2874", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2874" "name": "28115",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28115"
"name" : "sun-java-jnlp-bo(35320)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35320" "name": "30284",
} "refsource": "EXPLOIT-DB",
] "url": "http://www.exploit-db.com/exploits/30284"
} },
} {
"name": "GLSA-200804-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
},
{
"name": "GLSA-200806-11",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
},
{
"name": "RHSA-2007:0829",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
},
{
"name": "20070711 SUN Java JNLP Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.html"
}
]
}
}

160
2007/3xxx/CVE-2007-3727.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3727", "ID": "CVE-2007-3727",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Webmatic before 2.7 have unknown impact and attack vectors, related to the \"administration area.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.valarsoft.com/index.php?page=home&notizie=&notID=145#npos145", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.valarsoft.com/index.php?page=home&notizie=&notID=145#npos145" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in Webmatic before 2.7 have unknown impact and attack vectors, related to the \"administration area.\""
{ }
"name" : "24879", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24879" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36731", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/36731" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2007-2465", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2007/2465" ]
}, },
{ "references": {
"name" : "26019", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26019" "name": "26019",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/26019"
} },
} {
"name": "24879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24879"
},
{
"name": "36731",
"refsource": "OSVDB",
"url": "http://osvdb.org/36731"
},
{
"name": "http://www.valarsoft.com/index.php?page=home&notizie=&notID=145#npos145",
"refsource": "CONFIRM",
"url": "http://www.valarsoft.com/index.php?page=home&notizie=&notID=145#npos145"
},
{
"name": "ADV-2007-2465",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2465"
}
]
}
}

170
2007/3xxx/CVE-2007-3905.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3905", "ID": "CVE-2007-3905",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the _order parameter to (1) photos.php and (2) edit_photos.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=523104&group_id=69353", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=523104&group_id=69353" "lang": "eng",
}, "value": "SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the _order parameter to (1) photos.php and (2) edit_photos.php."
{ }
"name" : "DSA-1389", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2007/dsa-1389" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "24933", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24933" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26077", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/26077" ]
}, },
{ "references": {
"name" : "27303", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27303" "name": "zoph-photos-editphotos-sql-injection(35446)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35446"
"name" : "zoph-photos-editphotos-sql-injection(35446)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35446" "name": "http://sourceforge.net/project/shownotes.php?release_id=523104&group_id=69353",
} "refsource": "CONFIRM",
] "url": "http://sourceforge.net/project/shownotes.php?release_id=523104&group_id=69353"
} },
} {
"name": "27303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27303"
},
{
"name": "24933",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24933"
},
{
"name": "DSA-1389",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1389"
},
{
"name": "26077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26077"
}
]
}
}

150
2007/4xxx/CVE-2007-4333.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4333", "ID": "CVE-2007-4333",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in signup.php in Article Dashboard allow remote attackers to inject arbitrary web script or HTML via the (1) f_emailaddress, (2) f_reemailaddress, and other unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "25309", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25309" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in signup.php in Article Dashboard allow remote attackers to inject arbitrary web script or HTML via the (1) f_emailaddress, (2) f_reemailaddress, and other unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "36423", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/36423" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "26163", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26163" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "article-signup-xss(35978)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35978" ]
} },
] "references": {
} "reference_data": [
} {
"name": "article-signup-xss(35978)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35978"
},
{
"name": "26163",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26163"
},
{
"name": "25309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25309"
},
{
"name": "36423",
"refsource": "OSVDB",
"url": "http://osvdb.org/36423"
}
]
}
}

170
2007/4xxx/CVE-2007-4369.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4369", "ID": "CVE-2007-4369",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070813 SOTEeSKLEP Remote File Disclosure Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/476268/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
{ }
"name" : "20070814 Re: SOTEeSKLEP Remote File Disclosure Vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/476445/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4282", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4282" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25286", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/25286" ]
}, },
{ "references": {
"name" : "26472", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26472" "name": "soteesklep-file-information-disclosure(35973)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35973"
"name" : "soteesklep-file-information-disclosure(35973)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35973" "name": "20070813 SOTEeSKLEP Remote File Disclosure Vulnerability",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/476268/100/0/threaded"
} },
} {
"name": "4282",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4282"
},
{
"name": "20070814 Re: SOTEeSKLEP Remote File Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476445/100/0/threaded"
},
{
"name": "26472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26472"
},
{
"name": "25286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25286"
}
]
}
}

140
2007/6xxx/CVE-2007-6038.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6038", "ID": "CVE-2007-6038",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in xajax_functions.php in the JUser (com_juser) 1.0.14 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4636", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4636" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in xajax_functions.php in the JUser (com_juser) 1.0.14 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
{ }
"name" : "26499", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/26499" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "joomla-juser-xajaxfunctions-file-include(38555)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38555" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "joomla-juser-xajaxfunctions-file-include(38555)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38555"
},
{
"name": "26499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26499"
},
{
"name": "4636",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4636"
}
]
}
}

140
2007/6xxx/CVE-2007-6213.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6213", "ID": "CVE-2007-6213",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in mod/chat/index.php in WebED 0.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) Root and (2) Path parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4677", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4677" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in mod/chat/index.php in WebED 0.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) Root and (2) Path parameters."
{ }
"name" : "26640", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/26640" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "39699", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/39699" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "26640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26640"
},
{
"name": "4677",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4677"
},
{
"name": "39699",
"refsource": "OSVDB",
"url": "http://osvdb.org/39699"
}
]
}
}

140
2007/6xxx/CVE-2007-6549.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6549", "ID": "CVE-2007-6549",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to \"pagetype using.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131" "lang": "eng",
}, "value": "Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to \"pagetype using.\""
{ }
"name" : "41252", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/41252" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "runcms-pagetype-unspecified(39299)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39299" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "41252",
"refsource": "OSVDB",
"url": "http://osvdb.org/41252"
},
{
"name": "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131",
"refsource": "CONFIRM",
"url": "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131"
},
{
"name": "runcms-pagetype-unspecified(39299)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39299"
}
]
}
}

240
2007/6xxx/CVE-2007-6714.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6714", "ID": "CVE-2007-6714",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[Dbmail-dev] 20071216 [DBMail 0000662]: Ability to bypass authentication.", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.mail-archive.com/dbmail-dev@dbmail.org/msg09942.html" "lang": "eng",
}, "value": "DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication."
{ }
"name" : "http://dbmail.org/index.php?page=news&id=44", ]
"refsource" : "CONFIRM", },
"url" : "http://dbmail.org/index.php?page=news&id=44" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2008-3333", "description": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00549.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2008-3371", ]
"refsource" : "FEDORA", }
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00585.html" ]
}, },
{ "references": {
"name" : "GLSA-200804-24", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml" "name": "GLSA-200804-24",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml"
"name" : "28849", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28849" "name": "28849",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28849"
"name" : "ADV-2008-1321", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1321/references" "name": "dbmail-authldap-security-bypass(41907)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41907"
"name" : "44561", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/44561" "name": "44561",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/44561"
"name" : "1019914", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019914" "name": "29903",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29903"
"name" : "29903", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29903" "name": "1019914",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1019914"
"name" : "29937", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29937" "name": "FEDORA-2008-3333",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00549.html"
"name" : "29984", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29984" "name": "29984",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29984"
"name" : "dbmail-authldap-security-bypass(41907)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41907" "name": "ADV-2008-1321",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/1321/references"
} },
} {
"name": "FEDORA-2008-3371",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00585.html"
},
{
"name": "29937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29937"
},
{
"name": "[Dbmail-dev] 20071216 [DBMail 0000662]: Ability to bypass authentication.",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/dbmail-dev@dbmail.org/msg09942.html"
},
{
"name": "http://dbmail.org/index.php?page=news&id=44",
"refsource": "CONFIRM",
"url": "http://dbmail.org/index.php?page=news&id=44"
}
]
}
}

160
2010/1xxx/CVE-2010-1454.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-1454", "ID": "CVE-2010-1454",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100517 CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/511307/100/0/threaded" "lang": "eng",
}, "value": "com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password."
{ }
"name" : "http://www.springsource.com/security/cve-2010-1454", ]
"refsource" : "CONFIRM", },
"url" : "http://www.springsource.com/security/cve-2010-1454" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "40205", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/40205" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "39778", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/39778" ]
}, },
{ "references": {
"name" : "tcserver-listener-security-bypass(58684)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58684" "name": "tcserver-listener-security-bypass(58684)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58684"
} },
} {
"name": "39778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39778"
},
{
"name": "http://www.springsource.com/security/cve-2010-1454",
"refsource": "CONFIRM",
"url": "http://www.springsource.com/security/cve-2010-1454"
},
{
"name": "20100517 CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511307/100/0/threaded"
},
{
"name": "40205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40205"
}
]
}
}

34
2010/1xxx/CVE-2010-1827.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1827", "ID": "CVE-2010-1827",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

250
2010/1xxx/CVE-2010-1938.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1938", "ID": "CVE-2010-1938",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100527 libopie __readrec() off-by one (FreeBSD ftpd remote PoC)", "description_data": [
"refsource" : "SREASONRES", {
"url" : "http://securityreason.com/achievement_securityalert/87" "lang": "eng",
}, "value": "Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd."
{ }
"name" : "12762", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/12762" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://blog.pi3.com.pl/?p=111", "description": [
"refsource" : "MISC", {
"url" : "http://blog.pi3.com.pl/?p=111" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://site.pi3.com.pl/adv/libopie-adv.txt", ]
"refsource" : "MISC", }
"url" : "http://site.pi3.com.pl/adv/libopie-adv.txt" ]
}, },
{ "references": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932" "name": "http://blog.pi3.com.pl/?p=111",
}, "refsource": "MISC",
{ "url": "http://blog.pi3.com.pl/?p=111"
"name" : "DSA-2281", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2281" "name": "7450",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/7450"
"name" : "FreeBSD-SA-10:05", },
"refsource" : "FREEBSD", {
"url" : "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc" "name": "40403",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/40403"
"name" : "40403", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/40403" "name": "http://site.pi3.com.pl/adv/libopie-adv.txt",
}, "refsource": "MISC",
{ "url": "http://site.pi3.com.pl/adv/libopie-adv.txt"
"name" : "1024040", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024040" "name": "1024040",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1024040"
"name" : "1025709", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1025709" "name": "DSA-2281",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2281"
"name" : "39963", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39963" "name": "FreeBSD-SA-10:05",
}, "refsource": "FREEBSD",
{ "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc"
"name" : "39966", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39966" "name": "39966",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39966"
"name" : "45136", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45136" "name": "12762",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/12762"
"name" : "7450", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/7450" "name": "20100527 libopie __readrec() off-by one (FreeBSD ftpd remote PoC)",
} "refsource": "SREASONRES",
] "url": "http://securityreason.com/achievement_securityalert/87"
} },
} {
"name": "1025709",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025709"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932"
},
{
"name": "39963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39963"
},
{
"name": "45136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45136"
}
]
}
}

120
2014/0xxx/CVE-2014-0758.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2014-0758", "ID": "CVE-2014-0758",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01", "description_data": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01" "lang": "eng",
} "value": "An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01"
}
]
}
}

140
2014/0xxx/CVE-2014-0780.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2014-0780", "ID": "CVE-2014-0780",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42699", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42699/" "lang": "eng",
}, "value": "Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests."
{ }
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02", ]
"refsource" : "MISC", },
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "67056", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/67056" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "42699",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42699/"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02"
},
{
"name": "67056",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67056"
}
]
}
}

34
2014/1xxx/CVE-2014-1432.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-1432", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-1432",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

250
2014/1xxx/CVE-2014-1514.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2014-1514", "ID": "CVE-2014-1514",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-32.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-32.html" "lang": "eng",
}, "value": "vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=983344", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=983344" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2881", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2014/dsa-2881" ]
}, },
{ "references": {
"name" : "DSA-2911", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-2911" "name": "RHSA-2014:0310",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0310.html"
"name" : "GLSA-201504-01", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201504-01" "name": "DSA-2911",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-2911"
"name" : "RHSA-2014:0310", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0310.html" "name": "GLSA-201504-01",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201504-01"
"name" : "RHSA-2014:0316", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0316.html" "name": "SUSE-SU-2014:0418",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html"
"name" : "SUSE-SU-2014:0418", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
"name" : "openSUSE-SU-2014:0419", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" "name": "USN-2151-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2151-1"
"name" : "openSUSE-SU-2014:0448", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-32.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-32.html"
"name" : "openSUSE-SU-2014:0584", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html" "name": "DSA-2881",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-2881"
"name" : "USN-2151-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2151-1" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=983344",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=983344"
"name" : "66240", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/66240" "name": "66240",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/66240"
} },
} {
"name": "openSUSE-SU-2014:0419",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
},
{
"name": "RHSA-2014:0316",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0316.html"
},
{
"name": "openSUSE-SU-2014:0584",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html"
},
{
"name": "openSUSE-SU-2014:0448",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html"
}
]
}
}

150
2014/5xxx/CVE-2014-5004.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5004", "ID": "CVE-2014-5004",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140710 Vulnerabilities in Ruby Gem brbackup-0.1.1", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/07/10/6" "lang": "eng",
}, "value": "lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process."
{ }
"name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.vapid.dhs.org/advisories/brbackup-0.1.1.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.vapid.dhs.org/advisories/brbackup-0.1.1.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "68506", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/68506" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "[oss-security] 20140710 Vulnerabilities in Ruby Gem brbackup-0.1.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/10/6"
},
{
"name": "http://www.vapid.dhs.org/advisories/brbackup-0.1.1.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/brbackup-0.1.1.html"
},
{
"name": "68506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68506"
}
]
}
}

140
2014/5xxx/CVE-2014-5349.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5349", "ID": "CVE-2014-5349",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "33951", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/33951" "lang": "eng",
}, "value": "Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function."
{ }
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5190.php", ]
"refsource" : "MISC", },
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5190.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "108605", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/108605" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5190.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5190.php"
},
{
"name": "33951",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33951"
},
{
"name": "108605",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/108605"
}
]
}
}

170
2014/5xxx/CVE-2014-5465.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5465", "ID": "CVE-2014-5465",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "34436", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/34436" "lang": "eng",
}, "value": "Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
{ }
"name" : "http://packetstormsecurity.com/files/128024/WordPress-ShortCode-1.1-Local-File-Inclusion.html", ]
"refsource" : "CONFIRM", },
"url" : "http://packetstormsecurity.com/files/128024/WordPress-ShortCode-1.1-Local-File-Inclusion.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://wordpress.org/plugins/download-shortcode/changelog/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://wordpress.org/plugins/download-shortcode/changelog/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://wordpress.org/support/topic/plugin-download-shortcode-security-issue", ]
"refsource" : "CONFIRM", }
"url" : "http://wordpress.org/support/topic/plugin-download-shortcode-security-issue" ]
}, },
{ "references": {
"name" : "http://wordpress.org/support/topic/vulnerability-5", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://wordpress.org/support/topic/vulnerability-5" "name": "34436",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/34436"
"name" : "69440", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/69440" "name": "69440",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/69440"
} },
} {
"name": "http://wordpress.org/support/topic/vulnerability-5",
"refsource": "CONFIRM",
"url": "http://wordpress.org/support/topic/vulnerability-5"
},
{
"name": "http://packetstormsecurity.com/files/128024/WordPress-ShortCode-1.1-Local-File-Inclusion.html",
"refsource": "CONFIRM",
"url": "http://packetstormsecurity.com/files/128024/WordPress-ShortCode-1.1-Local-File-Inclusion.html"
},
{
"name": "http://wordpress.org/plugins/download-shortcode/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/download-shortcode/changelog/"
},
{
"name": "http://wordpress.org/support/topic/plugin-download-shortcode-security-issue",
"refsource": "CONFIRM",
"url": "http://wordpress.org/support/topic/plugin-download-shortcode-security-issue"
}
]
}
}

160
2014/5xxx/CVE-2014-5521.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5521", "ID": "CVE-2014-5521",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "34452", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/34452" "lang": "eng",
}, "value": "plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter."
{ }
"name" : "20140827 XRMS SQLi to RCE 0day", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Aug/78" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20140827 XRMS SQLi to RCE 0day", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/08/27/4" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20140829 Re: XRMS SQLi to RCE 0day", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2014/08/29/1" ]
}, },
{ "references": {
"name" : "http://packetstormsecurity.com/files/128030/XRMS-Blind-SQL-Injection-Command-Execution.html", "reference_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/128030/XRMS-Blind-SQL-Injection-Command-Execution.html" "name": "http://packetstormsecurity.com/files/128030/XRMS-Blind-SQL-Injection-Command-Execution.html",
} "refsource": "MISC",
] "url": "http://packetstormsecurity.com/files/128030/XRMS-Blind-SQL-Injection-Command-Execution.html"
} },
} {
"name": "20140827 XRMS SQLi to RCE 0day",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Aug/78"
},
{
"name": "[oss-security] 20140827 XRMS SQLi to RCE 0day",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/08/27/4"
},
{
"name": "[oss-security] 20140829 Re: XRMS SQLi to RCE 0day",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/08/29/1"
},
{
"name": "34452",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34452"
}
]
}
}

140
2014/5xxx/CVE-2014-5949.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-5949", "ID": "CVE-2014-5949",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TICKET APP - Concerts & Sports (aka com.xcr.android.ticketapp) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The TICKET APP - Concerts & Sports (aka com.xcr.android.ticketapp) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#486665", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/486665" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#486665",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/486665"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

250
2015/2xxx/CVE-2015-2151.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-2151", "ID": "CVE-2015-2151",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://xenbits.xen.org/xsa/advisory-123.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://xenbits.xen.org/xsa/advisory-123.html" "lang": "eng",
}, "value": "The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.citrix.com/article/CTX200484", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.citrix.com/article/CTX200484" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm", ]
"refsource" : "CONFIRM", }
"url" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm" ]
}, },
{ "references": {
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761" "name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm",
}, "refsource": "CONFIRM",
{ "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm"
"name" : "DSA-3181", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3181" "name": "http://support.citrix.com/article/CTX200484",
}, "refsource": "CONFIRM",
{ "url": "http://support.citrix.com/article/CTX200484"
"name" : "FEDORA-2015-3721", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html" "name": "FEDORA-2015-3944",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html"
"name" : "FEDORA-2015-3935", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html" "name": "FEDORA-2015-3721",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html"
"name" : "FEDORA-2015-3944", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
"name" : "GLSA-201604-03", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201604-03" "name": "http://xenbits.xen.org/xsa/advisory-123.html",
}, "refsource": "CONFIRM",
{ "url": "http://xenbits.xen.org/xsa/advisory-123.html"
"name" : "openSUSE-SU-2015:0732", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html" "name": "1031903",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1031903"
"name" : "73015", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/73015" "name": "DSA-3181",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3181"
"name" : "1031903", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031903" "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761",
}, "refsource": "CONFIRM",
{ "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"
"name" : "1031806", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031806" "name": "FEDORA-2015-3935",
} "refsource": "FEDORA",
] "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html"
} },
} {
"name": "openSUSE-SU-2015:0732",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html"
},
{
"name": "GLSA-201604-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "73015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73015"
},
{
"name": "1031806",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031806"
}
]
}
}

120
2015/2xxx/CVE-2015-2196.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-2196", "ID": "CVE-2015-2196",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "36061", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/36061" "lang": "eng",
} "value": "SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36061",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/36061"
}
]
}
}

120
2016/10xxx/CVE-2016-10079.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10079", "ID": "CVE-2016-10079",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41030", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41030/" "lang": "eng",
} "value": "SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41030",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41030/"
}
]
}
}

146
2016/10xxx/CVE-2016-10277.json
View File

@ -1,75 +1,75 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-10277", "ID": "CVE-2016-10277",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kernel-3.10" "version_value": "Kernel-3.10"
}, },
{ {
"version_value" : "Kernel-3.18" "version_value": "Kernel-3.18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42601", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42601/" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490."
{ }
"name" : "https://source.android.com/security/bulletin/2017-05-01", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/2017-05-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98149", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98149" "lang": "eng",
} "value": "Elevation of privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name": "98149",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98149"
},
{
"name": "42601",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42601/"
}
]
}
}

200
2016/4xxx/CVE-2016-4809.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-4809", "ID": "CVE-2016-4809",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1347084", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1347084" "lang": "eng",
}, "value": "The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink."
{ }
"name" : "https://github.com/libarchive/libarchive/commit/fd7e0c02", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/libarchive/libarchive/commit/fd7e0c02" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/libarchive/libarchive/issues/705", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/libarchive/libarchive/issues/705" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" ]
}, },
{ "references": {
"name" : "DSA-3657", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3657" "name": "https://github.com/libarchive/libarchive/commit/fd7e0c02",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/libarchive/libarchive/commit/fd7e0c02"
"name" : "GLSA-201701-03", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201701-03" "name": "RHSA-2016:1844",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-1844.html"
"name" : "RHSA-2016:1844", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1844.html" "name": "https://github.com/libarchive/libarchive/issues/705",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/libarchive/libarchive/issues/705"
"name" : "RHSA-2016:1850", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1850.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
"name" : "91813", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91813" "name": "91813",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/91813"
} },
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1347084",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347084"
},
{
"name": "RHSA-2016:1850",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1850.html"
},
{
"name": "GLSA-201701-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-03"
},
{
"name": "DSA-3657",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3657"
}
]
}
}

180
2016/4xxx/CVE-2016-4985.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-4985", "ID": "CVE-2016-4985",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160621 Ironic node information including credentials exposed to unathenticated users", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/06/21/6" "lang": "eng",
}, "value": "The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource."
{ }
"name" : "https://bugs.launchpad.net/ironic/+bug/1572796", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.launchpad.net/ironic/+bug/1572796" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://review.openstack.org/332195", "description": [
"refsource" : "CONFIRM", {
"url" : "https://review.openstack.org/332195" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://review.openstack.org/332196", ]
"refsource" : "CONFIRM", }
"url" : "https://review.openstack.org/332196" ]
}, },
{ "references": {
"name" : "https://review.openstack.org/332197", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://review.openstack.org/332197" "name": "https://review.openstack.org/332197",
}, "refsource": "CONFIRM",
{ "url": "https://review.openstack.org/332197"
"name" : "RHSA-2016:1377", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1377" "name": "https://bugs.launchpad.net/ironic/+bug/1572796",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.launchpad.net/ironic/+bug/1572796"
"name" : "RHSA-2016:1378", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1378" "name": "[oss-security] 20160621 Ironic node information including credentials exposed to unathenticated users",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2016/06/21/6"
} },
} {
"name": "https://review.openstack.org/332195",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/332195"
},
{
"name": "RHSA-2016:1378",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1378"
},
{
"name": "RHSA-2016:1377",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1377"
},
{
"name": "https://review.openstack.org/332196",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/332196"
}
]
}
}

140
2016/8xxx/CVE-2016-8449.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-8449", "ID": "CVE-2016-8449",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kernel-3.10" "version_value": "Kernel-3.10"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31798848. References: N-CVE-2016-8449."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-01-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-01-01.html" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31798848. References: N-CVE-2016-8449."
{ }
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", ]
"refsource" : "CONFIRM", },
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "95262", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95262" "lang": "eng",
} "value": "Elevation of privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "95262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95262"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
}
]
}
}

34
2016/8xxx/CVE-2016-8540.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-8540", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-8540",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

178
2016/8xxx/CVE-2016-8911.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-8911", "ID": "CVE-2016-8911",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Kenexa LMS on Cloud", "product_name": "Kenexa LMS on Cloud",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "13.0" "version_value": "13.0"
}, },
{ {
"version_value" : "13.1" "version_value": "13.1"
}, },
{ {
"version_value" : "13.2" "version_value": "13.2"
}, },
{ {
"version_value" : "13.2.2" "version_value": "13.2.2"
}, },
{ {
"version_value" : "13.2.3" "version_value": "13.2.3"
}, },
{ {
"version_value" : "13.2.4" "version_value": "13.2.4"
}, },
{ {
"version_value" : "14.0.0" "version_value": "14.0.0"
}, },
{ {
"version_value" : "14.1.0" "version_value": "14.1.0"
}, },
{ {
"version_value" : "14.2.0" "version_value": "14.2.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM Corporation" "vendor_name": "IBM Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21993982", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21993982" "lang": "eng",
}, "value": "IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim."
{ }
"name" : "94325", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94325" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94325"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21993982",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993982"
}
]
}
}

130
2016/9xxx/CVE-2016-9005.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-9005", "ID": "CVE-2016-9005",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "System Storage", "product_name": "System Storage",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "TS3100-TS3200" "version_value": "TS3100-TS3200"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM Corporation" "vendor_name": "IBM Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1009656", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1009656" "lang": "eng",
}, "value": "IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system."
{ }
"name" : "95436", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95436" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1009656",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1009656"
},
{
"name": "95436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95436"
}
]
}
}

34
2016/9xxx/CVE-2016-9647.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-9647", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-9647",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

140
2016/9xxx/CVE-2016-9998.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9998", "ID": "CVE-2016-9998",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://core.spip.net/projects/spip/repository/revisions/23288", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://core.spip.net/projects/spip/repository/revisions/23288" "lang": "eng",
}, "value": "SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL."
{ }
"name" : "95008", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95008" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037486", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037486" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "95008",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95008"
},
{
"name": "https://core.spip.net/projects/spip/repository/revisions/23288",
"refsource": "CONFIRM",
"url": "https://core.spip.net/projects/spip/repository/revisions/23288"
},
{
"name": "1037486",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037486"
}
]
}
}

124
2019/1003xxx/CVE-2019-1003030.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED" : "2019-03-06T22:44:37.384525", "DATE_ASSIGNED": "2019-03-06T22:44:37.384525",
"ID" : "CVE-2019-1003030", "ID": "CVE-2019-1003030",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins Pipeline: Groovy Plugin", "product_name": "Jenkins Pipeline: Groovy Plugin",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.63 and earlier" "version_value": "2.63 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins project" "vendor_name": "Jenkins project"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-693"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(2)", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(2)" "lang": "eng",
} "value": "A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(2)",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(2)"
}
]
}
}

34
2019/2xxx/CVE-2019-2275.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2275", "ID": "CVE-2019-2275",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2019/2xxx/CVE-2019-2543.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2019-2543", "ID": "CVE-2019-2543",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Solaris Operating System", "product_name": "Solaris Operating System",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "10" "version_value": "10"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "11" "version_value": "11"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via KSSL to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via KSSL to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via KSSL to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
{ }
"name" : "106589", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106589" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via KSSL to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106589"
}
]
}
}

34
2019/2xxx/CVE-2019-2880.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2880", "ID": "CVE-2019-2880",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/3xxx/CVE-2019-3511.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-3511", "ID": "CVE-2019-3511",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2019/6xxx/CVE-2019-6289.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6289", "ID": "CVE-2019-6289",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://laolisafe.com/dedecms/", "description_data": [
"refsource" : "MISC", {
"url" : "https://laolisafe.com/dedecms/" "lang": "eng",
} "value": "uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://laolisafe.com/dedecms/",
"refsource": "MISC",
"url": "https://laolisafe.com/dedecms/"
}
]
}
}

34
2019/6xxx/CVE-2019-6578.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6578", "ID": "CVE-2019-6578",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/6xxx/CVE-2019-6907.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6907", "ID": "CVE-2019-6907",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/7xxx/CVE-2019-7845.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7845", "ID": "CVE-2019-7845",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/7xxx/CVE-2019-7875.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7875", "ID": "CVE-2019-7875",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/7xxx/CVE-2019-7981.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7981", "ID": "CVE-2019-7981",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }