admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:52:29 +00:00
parent 64b0a261dd
commit e8845940a9
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3720 additions and 3720 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2006/1xxx/CVE-2006-1122.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1122",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060308 [KAPDA::#32] - d2kBlog 1.0.3 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427103/100/0/threaded"
},
{
"name" : "17035",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17035"
},
{
"name" : "ADV-2006-0896",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0896"
},
{
"name" : "23771",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23771"
},
{
"name" : "19177",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19177"
},
{
"name" : "559",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/559"
},
{
"name" : "d2kblog-default-msg-xss(25214)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25214"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17035"
},
{
"name": "559",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/559"
},
{
"name": "ADV-2006-0896",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0896"
},
{
"name": "d2kblog-default-msg-xss(25214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25214"
},
{
"name": "23771",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23771"
},
{
"name": "20060308 [KAPDA::#32] - d2kBlog 1.0.3 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427103/100/0/threaded"
},
{
"name": "19177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19177"
}
]
}
}

160
2006/1xxx/CVE-2006-1411.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1411",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the shownew parameter in gallery.asp and (2) unspecified search module parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/03/absolute-image-gallery-xe-20-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/03/absolute-image-gallery-xe-20-xss-vuln.html"
},
{
"name" : "18712",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18712"
},
{
"name" : "ADV-2006-1103",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1103"
},
{
"name" : "24214",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24214"
},
{
"name" : "absolute-gallery-xss(25466)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25466"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the shownew parameter in gallery.asp and (2) unspecified search module parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18712"
},
{
"name": "absolute-gallery-xss(25466)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25466"
},
{
"name": "http://pridels0.blogspot.com/2006/03/absolute-image-gallery-xe-20-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/03/absolute-image-gallery-xe-20-xss-vuln.html"
},
{
"name": "24214",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24214"
},
{
"name": "ADV-2006-1103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1103"
}
]
}
}

120
2006/1xxx/CVE-2006-1559.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1559",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in PHP Script Index allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-1158",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1158"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in PHP Script Index allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1158",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1158"
}
]
}
}

500
2006/5xxx/CVE-2006-5190.json
View File

@ -1,252 +1,252 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "28743",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/28743/"
},
{
"name" : "28744",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/28744/"
},
{
"name" : "28745",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/28745/"
},
{
"name" : "28746",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/28746/"
},
{
"name" : "28747",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/28747/"
},
{
"name" : "28748",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/28748/"
},
{
"name" : "28749",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/28749/"
},
{
"name" : "28750",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/28750/"
},
{
"name" : "28752",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/28752/"
},
{
"name" : "28753",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/28753/"
},
{
"name" : "28754",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/28754/"
},
{
"name" : "28755",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/28755/"
},
{
"name" : "28756",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/28756/"
},
{
"name" : "28757",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/28757/"
},
{
"name" : "28758",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/28758/"
},
{
"name" : "28759",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/28759/"
},
{
"name" : "http://lostmon.blogspot.com/2006/10/oscommerce-multiple-scripts-page-param.html",
"refsource" : "MISC",
"url" : "http://lostmon.blogspot.com/2006/10/oscommerce-multiple-scripts-page-param.html"
},
{
"name" : "20343",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20343"
},
{
"name" : "ADV-2006-3917",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3917"
},
{
"name" : "29795",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29795"
},
{
"name" : "29796",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29796"
},
{
"name" : "29797",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29797"
},
{
"name" : "29798",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29798"
},
{
"name" : "29799",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29799"
},
{
"name" : "29800",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29800"
},
{
"name" : "29801",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29801"
},
{
"name" : "29802",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29802"
},
{
"name" : "29805",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29805"
},
{
"name" : "29806",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29806"
},
{
"name" : "29807",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29807"
},
{
"name" : "29808",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29808"
},
{
"name" : "29809",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29809"
},
{
"name" : "29810",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29810"
},
{
"name" : "29811",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29811"
},
{
"name" : "29803",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29803"
},
{
"name" : "29804",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29804"
},
{
"name" : "1016979",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016979"
},
{
"name" : "22275",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22275"
},
{
"name" : "oscommerce-page-xss(29355)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29355"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28750",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/28750/"
},
{
"name": "29801",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29801"
},
{
"name": "28746",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/28746/"
},
{
"name": "29803",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29803"
},
{
"name": "ADV-2006-3917",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3917"
},
{
"name": "29798",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29798"
},
{
"name": "29808",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29808"
},
{
"name": "29807",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29807"
},
{
"name": "22275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22275"
},
{
"name": "29802",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29802"
},
{
"name": "29795",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29795"
},
{
"name": "28759",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/28759/"
},
{
"name": "28755",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/28755/"
},
{
"name": "http://lostmon.blogspot.com/2006/10/oscommerce-multiple-scripts-page-param.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2006/10/oscommerce-multiple-scripts-page-param.html"
},
{
"name": "28747",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/28747/"
},
{
"name": "28744",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/28744/"
},
{
"name": "1016979",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016979"
},
{
"name": "29809",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29809"
},
{
"name": "29799",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29799"
},
{
"name": "28757",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/28757/"
},
{
"name": "28748",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/28748/"
},
{
"name": "29810",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29810"
},
{
"name": "29811",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29811"
},
{
"name": "28758",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/28758/"
},
{
"name": "28753",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/28753/"
},
{
"name": "29797",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29797"
},
{
"name": "29806",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29806"
},
{
"name": "28749",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/28749/"
},
{
"name": "29800",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29800"
},
{
"name": "20343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20343"
},
{
"name": "oscommerce-page-xss(29355)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29355"
},
{
"name": "29796",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29796"
},
{
"name": "28743",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/28743/"
},
{
"name": "28754",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/28754/"
},
{
"name": "28745",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/28745/"
},
{
"name": "29804",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29804"
},
{
"name": "28756",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/28756/"
},
{
"name": "29805",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29805"
},
{
"name": "28752",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/28752/"
}
]
}
}

140
2007/2xxx/CVE-2007-2106.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2106",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in Kai Content Management System (K-CMS) 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the current_theme parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070404 K-CMS v1.0 Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/464677/100/0/threaded"
},
{
"name" : "2579",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2579"
},
{
"name" : "kcms-index-file-include(33437)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33437"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Kai Content Management System (K-CMS) 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the current_theme parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "kcms-index-file-include(33437)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33437"
},
{
"name": "2579",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2579"
},
{
"name": "20070404 K-CMS v1.0 Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464677/100/0/threaded"
}
]
}
}

140
2007/2xxx/CVE-2007-2164.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2164",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070417 Internet Explorer Crash",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/466017/100/0/threaded"
},
{
"name" : "20070417 Re: Internet Explorer Crash",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/466147/100/0/threaded"
},
{
"name" : "2600",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2600"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070417 Re: Internet Explorer Crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466147/100/0/threaded"
},
{
"name": "2600",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2600"
},
{
"name": "20070417 Internet Explorer Crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466017/100/0/threaded"
}
]
}
}

280
2007/2xxx/CVE-2007-2807.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2807",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.eggheads.org/bugzilla/show_bug.cgi?id=462",
"refsource" : "MISC",
"url" : "http://www.eggheads.org/bugzilla/show_bug.cgi?id=462"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427157",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427157"
},
{
"name" : "DSA-1448",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1448"
},
{
"name" : "DSA-1826",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1826"
},
{
"name" : "FEDORA-2007-4305",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00336.html"
},
{
"name" : "FEDORA-2007-4325",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00348.html"
},
{
"name" : "GLSA-200709-07",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200709-07.xml"
},
{
"name" : "MDKSA-2007:175",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:175"
},
{
"name" : "24070",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24070"
},
{
"name" : "36237",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36237"
},
{
"name" : "1018700",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018700"
},
{
"name" : "25276",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25276"
},
{
"name" : "26727",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26727"
},
{
"name" : "26826",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26826"
},
{
"name" : "27989",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27989"
},
{
"name" : "28347",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28347"
},
{
"name" : "35690",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35690"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25276"
},
{
"name": "MDKSA-2007:175",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:175"
},
{
"name": "24070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24070"
},
{
"name": "GLSA-200709-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200709-07.xml"
},
{
"name": "27989",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27989"
},
{
"name": "FEDORA-2007-4325",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00348.html"
},
{
"name": "26826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26826"
},
{
"name": "35690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35690"
},
{
"name": "28347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28347"
},
{
"name": "1018700",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018700"
},
{
"name": "26727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26727"
},
{
"name": "http://www.eggheads.org/bugzilla/show_bug.cgi?id=462",
"refsource": "MISC",
"url": "http://www.eggheads.org/bugzilla/show_bug.cgi?id=462"
},
{
"name": "DSA-1448",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1448"
},
{
"name": "36237",
"refsource": "OSVDB",
"url": "http://osvdb.org/36237"
},
{
"name": "FEDORA-2007-4305",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00336.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427157",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427157"
},
{
"name": "DSA-1826",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1826"
}
]
}
}

200
2007/3xxx/CVE-2007-3014.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3014",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070713 ActiveWeb Contentserver CMS Multiple Cross Site Scriptings",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/473631/100/0/threaded"
},
{
"name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2007-005.php",
"refsource" : "MISC",
"url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2007-005.php"
},
{
"name" : "24895",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24895"
},
{
"name" : "24896",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24896"
},
{
"name" : "36259",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/36259"
},
{
"name" : "36260",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/36260"
},
{
"name" : "36261",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/36261"
},
{
"name" : "26063",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26063"
},
{
"name" : "activeweb-contentserver-msg-xss(35389)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35389"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24896"
},
{
"name": "36259",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/36259"
},
{
"name": "20070713 ActiveWeb Contentserver CMS Multiple Cross Site Scriptings",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473631/100/0/threaded"
},
{
"name": "36261",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/36261"
},
{
"name": "24895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24895"
},
{
"name": "activeweb-contentserver-msg-xss(35389)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35389"
},
{
"name": "36260",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/36260"
},
{
"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-005.php",
"refsource": "MISC",
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-005.php"
},
{
"name": "26063",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26063"
}
]
}
}

200
2007/6xxx/CVE-2007-6083.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6083",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071118 IceBB 1.0rc6 <= Remote SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/483916/100/0/threaded"
},
{
"name" : "20071119 Re: IceBB 1.0rc6 <= Remote SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/483926/100/0/threaded"
},
{
"name" : "4634",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4634"
},
{
"name" : "http://www.aeroxteam.fr/advisory-IceBB-1.0rc6.txt",
"refsource" : "MISC",
"url" : "http://www.aeroxteam.fr/advisory-IceBB-1.0rc6.txt"
},
{
"name" : "http://www.aeroxteam.fr/exploit-IceBB-1.0rc6.txt",
"refsource" : "MISC",
"url" : "http://www.aeroxteam.fr/exploit-IceBB-1.0rc6.txt"
},
{
"name" : "26483",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26483"
},
{
"name" : "38732",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38732"
},
{
"name" : "27709",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27709"
},
{
"name" : "icebb-xforwardedfor-sql-injection(38550)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38550"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26483"
},
{
"name": "38732",
"refsource": "OSVDB",
"url": "http://osvdb.org/38732"
},
{
"name": "20071119 Re: IceBB 1.0rc6 <= Remote SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483926/100/0/threaded"
},
{
"name": "4634",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4634"
},
{
"name": "http://www.aeroxteam.fr/exploit-IceBB-1.0rc6.txt",
"refsource": "MISC",
"url": "http://www.aeroxteam.fr/exploit-IceBB-1.0rc6.txt"
},
{
"name": "icebb-xforwardedfor-sql-injection(38550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38550"
},
{
"name": "http://www.aeroxteam.fr/advisory-IceBB-1.0rc6.txt",
"refsource": "MISC",
"url": "http://www.aeroxteam.fr/advisory-IceBB-1.0rc6.txt"
},
{
"name": "20071118 IceBB 1.0rc6 <= Remote SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483916/100/0/threaded"
},
{
"name": "27709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27709"
}
]
}
}

160
2007/6xxx/CVE-2007-6265.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6265",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.avast.com/eng/avast-4-home_pro-revision-history.html",
"refsource" : "CONFIRM",
"url" : "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"name" : "26702",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26702"
},
{
"name" : "ADV-2007-4097",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4097"
},
{
"name" : "27929",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27929"
},
{
"name" : "avast-tar-code-execution(38877)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38877"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26702",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26702"
},
{
"name": "27929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27929"
},
{
"name": "ADV-2007-4097",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4097"
},
{
"name": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html",
"refsource": "CONFIRM",
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"name": "avast-tar-code-execution(38877)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38877"
}
]
}
}

120
2007/6xxx/CVE-2007-6760.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6760",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.tmcnet.com/blog/tom-keating/computer-hardware/dataprobe-ibootbar-review.asp",
"refsource" : "MISC",
"url" : "http://blog.tmcnet.com/blog/tom-keating/computer-hardware/dataprobe-ibootbar-review.asp"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.tmcnet.com/blog/tom-keating/computer-hardware/dataprobe-ibootbar-review.asp",
"refsource": "MISC",
"url": "http://blog.tmcnet.com/blog/tom-keating/computer-hardware/dataprobe-ibootbar-review.asp"
}
]
}
}

150
2010/0xxx/CVE-2010-0014.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0014",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=553233",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=553233"
},
{
"name" : "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1",
"refsource" : "CONFIRM",
"url" : "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1"
},
{
"name" : "37747",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37747"
},
{
"name" : "38160",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38160"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38160",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38160"
},
{
"name": "37747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37747"
},
{
"name": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=553233",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=553233"
}
]
}
}

140
2010/0xxx/CVE-2010-0374.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0374",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.packetstormsecurity.com/1001-exploits/joomlamarketplace-xss.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.com/1001-exploits/joomlamarketplace-xss.txt"
},
{
"name" : "37819",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37819"
},
{
"name" : "marketplace-index-xss(55662)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55662"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.packetstormsecurity.com/1001-exploits/joomlamarketplace-xss.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1001-exploits/joomlamarketplace-xss.txt"
},
{
"name": "marketplace-index-xss(55662)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55662"
},
{
"name": "37819",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37819"
}
]
}
}

170
2010/0xxx/CVE-2010-0752.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0752",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/723776",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/723776"
},
{
"name" : "http://drupal.org/node/724286",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/724286"
},
{
"name" : "38397",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38397"
},
{
"name" : "62565",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62565"
},
{
"name" : "38717",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38717"
},
{
"name" : "weeklyarchive-nodetype-info-disclosure(56504)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56504"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "weeklyarchive-nodetype-info-disclosure(56504)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56504"
},
{
"name": "http://drupal.org/node/723776",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/723776"
},
{
"name": "http://drupal.org/node/724286",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/724286"
},
{
"name": "38717",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38717"
},
{
"name": "62565",
"refsource": "OSVDB",
"url": "http://osvdb.org/62565"
},
{
"name": "38397",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38397"
}
]
}
}

130
2010/1xxx/CVE-2010-1106.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1106",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.packetstormsecurity.com/1001-exploits/advertisemanager-xssrfitraversal.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.com/1001-exploits/advertisemanager-xssrfitraversal.txt"
},
{
"name" : "advertisementmanager-index-file-include(55756)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55756"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "advertisementmanager-index-file-include(55756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55756"
},
{
"name": "http://www.packetstormsecurity.com/1001-exploits/advertisemanager-xssrfitraversal.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1001-exploits/advertisemanager-xssrfitraversal.txt"
}
]
}
}

150
2010/1xxx/CVE-2010-1246.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1246",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka \"Excel RTD Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-1246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100608 VUPEN Security Research - Microsoft Office Excel RTD Stack Overflow Vulnerability (CVE-2010-1246)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511755/100/0/threaded"
},
{
"name" : "MS10-038",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"name" : "TA10-159B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name" : "oval:org.mitre.oval:def:6839",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6839"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka \"Excel RTD Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6839",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6839"
},
{
"name": "20100608 VUPEN Security Research - Microsoft Office Excel RTD Stack Overflow Vulnerability (CVE-2010-1246)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511755/100/0/threaded"
},
{
"name": "MS10-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"name": "TA10-159B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
]
}
}

150
2010/1xxx/CVE-2010-1308.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1308",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1004-exploits/joomlasvmap-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/joomlasvmap-lfi.txt"
},
{
"name" : "12066",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12066"
},
{
"name" : "39350",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39350"
},
{
"name" : "ADV-2010-0809",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0809"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlasvmap-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlasvmap-lfi.txt"
},
{
"name": "39350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39350"
},
{
"name": "12066",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12066"
},
{
"name": "ADV-2010-0809",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0809"
}
]
}
}

120
2010/1xxx/CVE-2010-1730.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://h.ackack.net/?p=258",
"refsource" : "MISC",
"url" : "http://h.ackack.net/?p=258"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://h.ackack.net/?p=258",
"refsource": "MISC",
"url": "http://h.ackack.net/?p=258"
}
]
}
}

230
2010/1xxx/CVE-2010-1760.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1760",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://security-tracker.debian.org/tracker/CVE-2010-1760",
"refsource" : "CONFIRM",
"url" : "http://security-tracker.debian.org/tracker/CVE-2010-1760"
},
{
"name" : "http://trac.webkit.org/changeset/58409",
"refsource" : "CONFIRM",
"url" : "http://trac.webkit.org/changeset/58409"
},
{
"name" : "https://bugs.webkit.org/show_bug.cgi?id=37781",
"refsource" : "CONFIRM",
"url" : "https://bugs.webkit.org/show_bug.cgi?id=37781"
},
{
"name" : "MDVSA-2011:039",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "USN-1006-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name" : "42494",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42494"
},
{
"name" : "41856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41856"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2010-2722",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "ADV-2011-0552",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "https://bugs.webkit.org/show_bug.cgi?id=37781",
"refsource": "CONFIRM",
"url": "https://bugs.webkit.org/show_bug.cgi?id=37781"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "42494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42494"
},
{
"name": "http://trac.webkit.org/changeset/58409",
"refsource": "CONFIRM",
"url": "http://trac.webkit.org/changeset/58409"
},
{
"name": "http://security-tracker.debian.org/tracker/CVE-2010-1760",
"refsource": "CONFIRM",
"url": "http://security-tracker.debian.org/tracker/CVE-2010-1760"
}
]
}
}

140
2010/1xxx/CVE-2010-1882.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1882",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka \"MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-1882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-052",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-052"
},
{
"name" : "TA10-222A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name" : "oval:org.mitre.oval:def:11585",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11585"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka \"MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-222A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "oval:org.mitre.oval:def:11585",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11585"
},
{
"name": "MS10-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-052"
}
]
}
}

180
2010/4xxx/CVE-2010-4801.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in admin/updatelist.php in BaconMap 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filepath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15234",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15234"
},
{
"name" : "http://packetstormsecurity.org/1010-exploits/baconmap10-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1010-exploits/baconmap10-lfi.txt"
},
{
"name" : "http://www.johnleitch.net/Vulnerabilities/BaconMap.1.0.Local.File.Inclusion/50",
"refsource" : "MISC",
"url" : "http://www.johnleitch.net/Vulnerabilities/BaconMap.1.0.Local.File.Inclusion/50"
},
{
"name" : "43908",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43908"
},
{
"name" : "41749",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41749"
},
{
"name" : "8229",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8229"
},
{
"name" : "baconmap-updatelist-file-include(62390)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62390"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in admin/updatelist.php in BaconMap 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filepath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15234",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15234"
},
{
"name": "43908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43908"
},
{
"name": "41749",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41749"
},
{
"name": "http://www.johnleitch.net/Vulnerabilities/BaconMap.1.0.Local.File.Inclusion/50",
"refsource": "MISC",
"url": "http://www.johnleitch.net/Vulnerabilities/BaconMap.1.0.Local.File.Inclusion/50"
},
{
"name": "http://packetstormsecurity.org/1010-exploits/baconmap10-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1010-exploits/baconmap10-lfi.txt"
},
{
"name": "baconmap-updatelist-file-include(62390)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62390"
},
{
"name": "8229",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8229"
}
]
}
}

34
2010/5xxx/CVE-2010-5112.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5112",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5112",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/0xxx/CVE-2014-0754.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0754",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
},
{
"name" : "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf",
"refsource" : "CONFIRM",
"url" : "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf"
},
{
"name" : "70193",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70193"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70193"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
},
{
"name": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf"
}
]
}
}

130
2014/0xxx/CVE-2014-0887.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0887",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21668124",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21668124"
},
{
"name" : "ibm-lpms-cve20140887-command-root(91173)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91173"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21668124",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668124"
},
{
"name": "ibm-lpms-cve20140887-command-root(91173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91173"
}
]
}
}

160
2014/1xxx/CVE-2014-1442.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1442",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140205 Core FTP Server Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Feb/39"
},
{
"name" : "http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html"
},
{
"name" : "http://coreftp.com/forums/viewtopic.php?t=2985707",
"refsource" : "CONFIRM",
"url" : "http://coreftp.com/forums/viewtopic.php?t=2985707"
},
{
"name" : "102967",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/102967"
},
{
"name" : "56850",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56850"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html"
},
{
"name": "102967",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/102967"
},
{
"name": "http://coreftp.com/forums/viewtopic.php?t=2985707",
"refsource": "CONFIRM",
"url": "http://coreftp.com/forums/viewtopic.php?t=2985707"
},
{
"name": "56850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56850"
},
{
"name": "20140205 Core FTP Server Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Feb/39"
}
]
}
}

130
2014/1xxx/CVE-2014-1807.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1807",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows local users to gain privileges via a crafted application, as exploited in the wild in May 2014, aka \"Windows Shell File Association Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-1807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-027",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-027"
},
{
"name" : "67276",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67276"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows local users to gain privileges via a crafted application, as exploited in the wild in May 2014, aka \"Windows Shell File Association Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-027",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-027"
},
{
"name": "67276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67276"
}
]
}
}

160
2014/1xxx/CVE-2014-1877.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1877",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone, (2) Street, (3) Address line, (4) Zip code, or (5) City field to main/auth/profile.php; (6) Subject field to main/social/groups.php; or (7) Message body field to main/messages/view_message.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140206 Dokeos 2.1.1 Multiple Stored XSS Vulnerabilities",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q1/258"
},
{
"name" : "[oss-security] 20140207 Re: Dokeos 2.1.1 Multiple Stored XSS Vulnerabilities",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q1/286"
},
{
"name" : "http://www.xchg.info/?p=381",
"refsource" : "MISC",
"url" : "http://www.xchg.info/?p=381"
},
{
"name" : "65416",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65416"
},
{
"name" : "dokeos-cve20141877-xss(91295)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91295"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone, (2) Street, (3) Address line, (4) Zip code, or (5) City field to main/auth/profile.php; (6) Subject field to main/social/groups.php; or (7) Message body field to main/messages/view_message.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140206 Dokeos 2.1.1 Multiple Stored XSS Vulnerabilities",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/258"
},
{
"name": "[oss-security] 20140207 Re: Dokeos 2.1.1 Multiple Stored XSS Vulnerabilities",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/286"
},
{
"name": "http://www.xchg.info/?p=381",
"refsource": "MISC",
"url": "http://www.xchg.info/?p=381"
},
{
"name": "65416",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65416"
},
{
"name": "dokeos-cve20141877-xss(91295)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91295"
}
]
}
}

170
2014/4xxx/CVE-2014-4457.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4457",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/en-us/HT6590",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/en-us/HT6590"
},
{
"name" : "https://support.apple.com/en-us/HT204418",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/en-us/HT204418"
},
{
"name" : "APPLE-SA-2014-11-17-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"
},
{
"name" : "71143",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71143"
},
{
"name" : "1031232",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031232"
},
{
"name" : "appleios-cve20144457-sec-bypass(98777)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98777"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2014-11-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"
},
{
"name": "appleios-cve20144457-sec-bypass(98777)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98777"
},
{
"name": "https://support.apple.com/en-us/HT6590",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT6590"
},
{
"name": "71143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71143"
},
{
"name": "1031232",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031232"
},
{
"name": "https://support.apple.com/en-us/HT204418",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT204418"
}
]
}
}

120
2014/4xxx/CVE-2014-4599.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4599",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) search_term, (3) page_id, (4) page, or (5) page_links parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://codevigilant.com/disclosure/wp-plugin-wp-ttisbdir-a3-cross-site-scripting-xss",
"refsource" : "MISC",
"url" : "http://codevigilant.com/disclosure/wp-plugin-wp-ttisbdir-a3-cross-site-scripting-xss"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) search_term, (3) page_id, (4) page, or (5) page_links parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://codevigilant.com/disclosure/wp-plugin-wp-ttisbdir-a3-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-wp-ttisbdir-a3-cross-site-scripting-xss"
}
]
}
}

150
2014/4xxx/CVE-2014-4762.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4762",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681998",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681998"
},
{
"name" : "PI21973",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI21973"
},
{
"name" : "61204",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61204"
},
{
"name" : "ibm-wsportal-cve20144762-xss(94659)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94659"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61204"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681998",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681998"
},
{
"name": "ibm-wsportal-cve20144762-xss(94659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94659"
},
{
"name": "PI21973",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI21973"
}
]
}
}

34
2014/4xxx/CVE-2014-4893.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4893",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4893",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/4xxx/CVE-2014-4988.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4988",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4988",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2014/5xxx/CVE-2014-5173.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5173",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140729 [Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532944/100/0/threaded"
},
{
"name" : "20140729 [Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jul/150"
},
{
"name" : "http://packetstormsecurity.com/files/127667/SAP-HANA-IU5-SDK-Authentication-Bypass.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127667/SAP-HANA-IU5-SDK-Authentication-Bypass.html"
},
{
"name" : "http://scn.sap.com/docs/DOC-8218",
"refsource" : "CONFIRM",
"url" : "http://scn.sap.com/docs/DOC-8218"
},
{
"name" : "https://service.sap.com/sap/support/notes/1964428",
"refsource" : "CONFIRM",
"url" : "https://service.sap.com/sap/support/notes/1964428"
},
{
"name" : "68950",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68950"
},
{
"name" : "sap-hanaxs-sec-bypass(94931)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94931"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sap-hanaxs-sec-bypass(94931)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94931"
},
{
"name": "http://packetstormsecurity.com/files/127667/SAP-HANA-IU5-SDK-Authentication-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127667/SAP-HANA-IU5-SDK-Authentication-Bypass.html"
},
{
"name": "20140729 [Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/150"
},
{
"name": "http://scn.sap.com/docs/DOC-8218",
"refsource": "CONFIRM",
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"name": "20140729 [Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532944/100/0/threaded"
},
{
"name": "68950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68950"
},
{
"name": "https://service.sap.com/sap/support/notes/1964428",
"refsource": "CONFIRM",
"url": "https://service.sap.com/sap/support/notes/1964428"
}
]
}
}

140
2014/9xxx/CVE-2014-9113.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9113",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement\\, which allows local users to obtain LocalSystem privileges via a Trojan horse file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35395",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35395"
},
{
"name" : "http://packetstormsecurity.com/files/129323/CCH-Wolters-Kluwer-PFX-Engagement-7.1-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129323/CCH-Wolters-Kluwer-PFX-Engagement-7.1-Privilege-Escalation.html"
},
{
"name" : "http://www.information-paradox.net/2014/11/cve-2014-9113-cch-wolters-kluwer-pfx.html",
"refsource" : "MISC",
"url" : "http://www.information-paradox.net/2014/11/cve-2014-9113-cch-wolters-kluwer-pfx.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement\\, which allows local users to obtain LocalSystem privileges via a Trojan horse file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35395",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35395"
},
{
"name": "http://packetstormsecurity.com/files/129323/CCH-Wolters-Kluwer-PFX-Engagement-7.1-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129323/CCH-Wolters-Kluwer-PFX-Engagement-7.1-Privilege-Escalation.html"
},
{
"name": "http://www.information-paradox.net/2014/11/cve-2014-9113-cch-wolters-kluwer-pfx.html",
"refsource": "MISC",
"url": "http://www.information-paradox.net/2014/11/cve-2014-9113-cch-wolters-kluwer-pfx.html"
}
]
}
}

120
2014/9xxx/CVE-2014-9692.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2014-9692",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Tecal RH1288 V2,Tecal RH2265 V2,Tecal RH2285 V2,Tecal RH2265 V2,Tecal RH2285H V2,Tecal RH2268 V2,Tecal RH2288 V2,Tecal RH2288H V2,Tecal RH2485 V2,Tecal RH5885 V2,Tecal RH5885 V3,Tecal RH5885H V3,Tecal XH310 V2,Tecal XH311 V2,Tecal XH320 V2,Tecal XH621 V2,Tecal DH310 V2,Tecal DH320 V2,Tecal DH620 V2,Tecal DH621 V2,Tecal DH628 V2,Tecal BH620 V2,Tecal BH621 V2,Tecal BH622 V2,Tecal BH640 V2,Tecal CH121,Tecal CH140,Tecal CH220,Tecal CH221,Tecal CH222,Tecal CH240,Tecal CH242,Tecal CH242 V3, Tecal RH1288 V2 V100R002C00SPC107 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285 V2 V100R002C00SPC115 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285H V2 V100R002C00SPC111 and earlier versions,Tecal RH2268 V2 V100R002C00,Tecal RH2288 V2 V100R002C00SPC117 and earlier versions,Tecal RH2288H V2 V100R002C00SPC115 and earlier versions,Tecal RH2485 V2 V100R002C00SPC502 and earlier versions,Tecal RH5885 V2 V100R001C02SPC109 and earlier versions,Tecal RH5885 V3 V100R003C01SPC102 and earlier versions,Tecal RH5885H V3 V100R003C00SPC102 and earlier versions,Tecal XH310 V2 V100R001C00SPC110 and earlier versions,Tecal XH311 V2 V100R001C00SPC110 and earlier versions,Tecal XH320 V2 V100R001C00SPC110 and earlier versions,Tecal XH621 V2 V100R001C00SPC106 and earlier versions,Tecal DH310 V2 V100R001C00SPC110 and earlier versions,Tecal DH320 V2 V100R001C00SPC106 and earlier versions,Tecal DH620 V2 V100R001C00SPC106 and earlier versions,Tecal DH621 V2 V100R001C00SPC107 and earlier versions,Tecal DH628 V2 V100R001C00SPC107 and earlier versions,Tecal BH620 V2 V100R002C00SPC107 and earlier versions,Tecal BH621 V2 V100R002C00SPC106 and earlier versions,Tecal BH622 V2 V100R002C00SPC110 ?and earlier versions,Tecal BH640 V2 V100R002C00SPC108 and earlier versions,Tecal CH121 V100R001C00SPC180 and earlier versions,Tecal CH140 V100R001C00SPC110 and earlier versions,Tecal CH220 V100R001C00SPC180 and earlier versions,Tecal CH221 V100R001C00SPC180 and earlier versions,Tecal CH222 V100R002C00SPC180 and earlier versions,Tecal CH240 V100R001C00SPC180 and earlier versions,Tecal CH242 V100R001C00SPC180 and earlier versions,Tecal CH242 V3 V100R001C00SPC110 and earlier versions,",
"version" : {
"version_data" : [
{
"version_value" : "Tecal RH1288 V2,Tecal RH2265 V2,Tecal RH2285 V2,Tecal RH2265 V2,Tecal RH2285H V2,Tecal RH2268 V2,Tecal RH2288 V2,Tecal RH2288H V2,Tecal RH2485 V2,Tecal RH5885 V2,Tecal RH5885 V3,Tecal RH5885H V3,Tecal XH310 V2,Tecal XH311 V2,Tecal XH320 V2,Tecal XH621 V2,Tecal DH310 V2,Tecal DH320 V2,Tecal DH620 V2,Tecal DH621 V2,Tecal DH628 V2,Tecal BH620 V2,Tecal BH621 V2,Tecal BH622 V2,Tecal BH640 V2,Tecal CH121,Tecal CH140,Tecal CH220,Tecal CH221,Tecal CH222,Tecal CH240,Tecal CH242,Tecal CH242 V3, Tecal RH1288 V2 V100R002C00SPC107 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285 V2 V100R002C00SPC115 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285H V2 V100R002C00SPC111 and earlier versions,Tecal RH2268 V2 V100R002C00,Tecal RH2288 V2 V100R002C00SPC117 and earlier versions,Tecal RH2288H V2 V100R002C00SPC115 and earlier versions,Tecal RH2485 V2 V100R002C00SPC502 and earlier versions,Tecal RH5885 V2 V100R001C02SPC109 and earlier versions,Tecal RH5885 V3 V100R003C01SPC102 and earlier versions,Tecal RH5885H V3 V100R003C00SPC102 and earlier versions,Tecal XH310 V2 V100R001C00SPC110 and earlier versions,Tecal XH311 V2 V100R001C00SPC110 and earlier versions,Tecal XH320 V2 V100R001C00SPC110 and earlier versions,Tecal XH621 V2 V100R001C00SPC106 and earlier versions,Tecal DH310 V2 V100R001C00SPC110 and earlier versions,Tecal DH320 V2 V100R001C00SPC106 and earlier versions,Tecal DH620 V2 V100R001C00SPC106 and earlier versions,Tecal DH621 V2 V100R001C00SPC107 and earlier versions,Tecal DH628 V2 V100R001C00SPC107 and earlier versions,Tecal BH620 V2 V100R002C00SPC107 and earlier versions,Tecal BH621 V2 V100R002C00SPC106 and earlier versions,Tecal BH622 V2 V100R002C00SPC110 ?and earlier versions,Tecal BH640 V2 V100R002C00SPC108 and earlier versions,Tecal CH121 V100R001C00SPC180 and earlier versions,Tecal CH140 V100R001C00SPC110 and earlier versions,Tecal CH220 V100R001C00SPC180 and earlier versions,Tecal CH221 V100R001C00SPC180 and earlier versions,Tecal CH222 V100R002C00SPC180 and earlier versions,Tecal CH240 V100R001C00SPC180 and earlier versions,Tecal CH242 V100R001C00SPC180 and earlier versions,Tecal CH242 V3 V100R001C00SPC110 and earlier versions,"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow attackers to figure out the RMCP+ session IDs of users and access the system with forged identities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2014-9692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tecal RH1288 V2,Tecal RH2265 V2,Tecal RH2285 V2,Tecal RH2265 V2,Tecal RH2285H V2,Tecal RH2268 V2,Tecal RH2288 V2,Tecal RH2288H V2,Tecal RH2485 V2,Tecal RH5885 V2,Tecal RH5885 V3,Tecal RH5885H V3,Tecal XH310 V2,Tecal XH311 V2,Tecal XH320 V2,Tecal XH621 V2,Tecal DH310 V2,Tecal DH320 V2,Tecal DH620 V2,Tecal DH621 V2,Tecal DH628 V2,Tecal BH620 V2,Tecal BH621 V2,Tecal BH622 V2,Tecal BH640 V2,Tecal CH121,Tecal CH140,Tecal CH220,Tecal CH221,Tecal CH222,Tecal CH240,Tecal CH242,Tecal CH242 V3, Tecal RH1288 V2 V100R002C00SPC107 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285 V2 V100R002C00SPC115 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285H V2 V100R002C00SPC111 and earlier versions,Tecal RH2268 V2 V100R002C00,Tecal RH2288 V2 V100R002C00SPC117 and earlier versions,Tecal RH2288H V2 V100R002C00SPC115 and earlier versions,Tecal RH2485 V2 V100R002C00SPC502 and earlier versions,Tecal RH5885 V2 V100R001C02SPC109 and earlier versions,Tecal RH5885 V3 V100R003C01SPC102 and earlier versions,Tecal RH5885H V3 V100R003C00SPC102 and earlier versions,Tecal XH310 V2 V100R001C00SPC110 and earlier versions,Tecal XH311 V2 V100R001C00SPC110 and earlier versions,Tecal XH320 V2 V100R001C00SPC110 and earlier versions,Tecal XH621 V2 V100R001C00SPC106 and earlier versions,Tecal DH310 V2 V100R001C00SPC110 and earlier versions,Tecal DH320 V2 V100R001C00SPC106 and earlier versions,Tecal DH620 V2 V100R001C00SPC106 and earlier versions,Tecal DH621 V2 V100R001C00SPC107 and earlier versions,Tecal DH628 V2 V100R001C00SPC107 and earlier versions,Tecal BH620 V2 V100R002C00SPC107 and earlier versions,Tecal BH621 V2 V100R002C00SPC106 and earlier versions,Tecal BH622 V2 V100R002C00SPC110 ?and earlier versions,Tecal BH640 V2 V100R002C00SPC108 and earlier versions,Tecal CH121 V100R001C00SPC180 and earlier versions,Tecal CH140 V100R001C00SPC110 and earlier versions,Tecal CH220 V100R001C00SPC180 and earlier versions,Tecal CH221 V100R001C00SPC180 and earlier versions,Tecal CH222 V100R002C00SPC180 and earlier versions,Tecal CH240 V100R001C00SPC180 and earlier versions,Tecal CH242 V100R001C00SPC180 and earlier versions,Tecal CH242 V3 V100R001C00SPC110 and earlier versions,",
"version": {
"version_data": [
{
"version_value": "Tecal RH1288 V2,Tecal RH2265 V2,Tecal RH2285 V2,Tecal RH2265 V2,Tecal RH2285H V2,Tecal RH2268 V2,Tecal RH2288 V2,Tecal RH2288H V2,Tecal RH2485 V2,Tecal RH5885 V2,Tecal RH5885 V3,Tecal RH5885H V3,Tecal XH310 V2,Tecal XH311 V2,Tecal XH320 V2,Tecal XH621 V2,Tecal DH310 V2,Tecal DH320 V2,Tecal DH620 V2,Tecal DH621 V2,Tecal DH628 V2,Tecal BH620 V2,Tecal BH621 V2,Tecal BH622 V2,Tecal BH640 V2,Tecal CH121,Tecal CH140,Tecal CH220,Tecal CH221,Tecal CH222,Tecal CH240,Tecal CH242,Tecal CH242 V3, Tecal RH1288 V2 V100R002C00SPC107 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285 V2 V100R002C00SPC115 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285H V2 V100R002C00SPC111 and earlier versions,Tecal RH2268 V2 V100R002C00,Tecal RH2288 V2 V100R002C00SPC117 and earlier versions,Tecal RH2288H V2 V100R002C00SPC115 and earlier versions,Tecal RH2485 V2 V100R002C00SPC502 and earlier versions,Tecal RH5885 V2 V100R001C02SPC109 and earlier versions,Tecal RH5885 V3 V100R003C01SPC102 and earlier versions,Tecal RH5885H V3 V100R003C00SPC102 and earlier versions,Tecal XH310 V2 V100R001C00SPC110 and earlier versions,Tecal XH311 V2 V100R001C00SPC110 and earlier versions,Tecal XH320 V2 V100R001C00SPC110 and earlier versions,Tecal XH621 V2 V100R001C00SPC106 and earlier versions,Tecal DH310 V2 V100R001C00SPC110 and earlier versions,Tecal DH320 V2 V100R001C00SPC106 and earlier versions,Tecal DH620 V2 V100R001C00SPC106 and earlier versions,Tecal DH621 V2 V100R001C00SPC107 and earlier versions,Tecal DH628 V2 V100R001C00SPC107 and earlier versions,Tecal BH620 V2 V100R002C00SPC107 and earlier versions,Tecal BH621 V2 V100R002C00SPC106 and earlier versions,Tecal BH622 V2 V100R002C00SPC110 ?and earlier versions,Tecal BH640 V2 V100R002C00SPC108 and earlier versions,Tecal CH121 V100R001C00SPC180 and earlier versions,Tecal CH140 V100R001C00SPC110 and earlier versions,Tecal CH220 V100R001C00SPC180 and earlier versions,Tecal CH221 V100R001C00SPC180 and earlier versions,Tecal CH222 V100R002C00SPC180 and earlier versions,Tecal CH240 V100R001C00SPC180 and earlier versions,Tecal CH242 V100R001C00SPC180 and earlier versions,Tecal CH242 V3 V100R001C00SPC110 and earlier versions,"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/hw-408100",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/hw-408100"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow attackers to figure out the RMCP+ session IDs of users and access the system with forged identities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-408100",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-408100"
}
]
}
}

140
2016/3xxx/CVE-2016-3002.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3002",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990864",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990864"
},
{
"name" : "LO90039",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039"
},
{
"name" : "94331",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94331"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990864",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990864"
},
{
"name": "94331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94331"
},
{
"name": "LO90039",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039"
}
]
}
}

130
2016/3xxx/CVE-2016-3054.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987129",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987129"
},
{
"name" : "92332",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92332"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92332"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21987129",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987129"
}
]
}
}

130
2016/3xxx/CVE-2016-3764.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3764",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive pointer information via a crafted application, aka internal bug 28377502."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/daef4327fe0c75b0a90bb8627458feec7a301e1f",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/daef4327fe0c75b0a90bb8627458feec7a301e1f"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive pointer information via a crafted application, aka internal bug 28377502."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/daef4327fe0c75b0a90bb8627458feec7a301e1f",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/daef4327fe0c75b0a90bb8627458feec7a301e1f"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}

120
2016/3xxx/CVE-2016-3770.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28346752 and MediaTek internal bug ALPS02703102."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28346752 and MediaTek internal bug ALPS02703102."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}

160
2016/3xxx/CVE-2016-3889.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a system application, (2) the help feature, or (3) the Settings application during a pre-setup stage, aka internal bug 29194585."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/base/+/e206f02d46ae5e38c74d138b51f6e1637e261abe",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/base/+/e206f02d46ae5e38c74d138b51f6e1637e261abe"
},
{
"name" : "https://android.googlesource.com/platform/packages/apps/Settings/+/bd5d5176c74021e8cf4970f93f273ba3023c3d72",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/packages/apps/Settings/+/bd5d5176c74021e8cf4970f93f273ba3023c3d72"
},
{
"name" : "92854",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92854"
},
{
"name" : "1036763",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a system application, (2) the help feature, or (3) the Settings application during a pre-setup stage, aka internal bug 29194585."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92854",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92854"
},
{
"name": "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "https://android.googlesource.com/platform/frameworks/base/+/e206f02d46ae5e38c74d138b51f6e1637e261abe",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/base/+/e206f02d46ae5e38c74d138b51f6e1637e261abe"
},
{
"name": "https://android.googlesource.com/platform/packages/apps/Settings/+/bd5d5176c74021e8cf4970f93f273ba3023c3d72",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/packages/apps/Settings/+/bd5d5176c74021e8cf4970f93f273ba3023c3d72"
}
]
}
}

140
2016/3xxx/CVE-2016-3895.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3895",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/native/+/363247929c35104b3e5ee9e637e9dcf579080aee",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/native/+/363247929c35104b3e5ee9e637e9dcf579080aee"
},
{
"name" : "1036763",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "https://android.googlesource.com/platform/frameworks/native/+/363247929c35104b3e5ee9e637e9dcf579080aee",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/native/+/363247929c35104b3e5ee9e637e9dcf579080aee"
}
]
}
}

130
2016/3xxx/CVE-2016-3985.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3985",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40166",
"refsource" : "CONFIRM",
"url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40166"
},
{
"name" : "1035129",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035129"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035129",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035129"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40166",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40166"
}
]
}
}

34
2016/7xxx/CVE-2016-7342.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7342",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7342",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/7xxx/CVE-2016-7747.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7747",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7747",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

190
2016/7xxx/CVE-2016-7908.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7908",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161003 CVE request Qemu: net: Infinite loop in mcf_fec_do_tx",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/03/2"
},
{
"name" : "[oss-security] 20161003 Re: CVE request Qemu: net: Infinite loop in mcf_fec_do_tx",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/03/5"
},
{
"name" : "[qemu-devel] 20160922 [PATCH v2] net: mcf: limit buffer descriptor count",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05557.html"
},
{
"name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=070c4b92b8cd5390889716677a0b92444d6e087a",
"refsource" : "CONFIRM",
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=070c4b92b8cd5390889716677a0b92444d6e087a"
},
{
"name" : "GLSA-201611-11",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-11"
},
{
"name" : "openSUSE-SU-2016:3237",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name" : "93273",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93273"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161003 CVE request Qemu: net: Infinite loop in mcf_fec_do_tx",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/03/2"
},
{
"name": "[qemu-devel] 20160922 [PATCH v2] net: mcf: limit buffer descriptor count",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05557.html"
},
{
"name": "GLSA-201611-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=070c4b92b8cd5390889716677a0b92444d6e087a",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=070c4b92b8cd5390889716677a0b92444d6e087a"
},
{
"name": "openSUSE-SU-2016:3237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "93273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93273"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[oss-security] 20161003 Re: CVE request Qemu: net: Infinite loop in mcf_fec_do_tx",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/03/5"
}
]
}
}

156
2016/8xxx/CVE-2016-8417.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-8417",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32342399. References: QC-CR#1088824."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-8417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
},
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01dcc0a7cc23f23a89adf72393d5a27c6d576cd0",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01dcc0a7cc23f23a89adf72393d5a27c6d576cd0"
},
{
"name" : "96832",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96832"
},
{
"name" : "1037968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32342399. References: QC-CR#1088824."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01dcc0a7cc23f23a89adf72393d5a27c6d576cd0",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01dcc0a7cc23f23a89adf72393d5a27c6d576cd0"
},
{
"name": "96832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96832"
}
]
}
}

34
2016/8xxx/CVE-2016-8498.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8498",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8498",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

160
2016/8xxx/CVE-2016-8700.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8700",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160818 potrace: multiple crashes",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/08/18/11"
},
{
"name" : "[oss-security] 20161015 Re: potrace: multiple crashes",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/16/12"
},
{
"name" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/"
},
{
"name" : "http://potrace.sourceforge.net/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://potrace.sourceforge.net/ChangeLog"
},
{
"name" : "93778",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93778"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93778"
},
{
"name": "[oss-security] 20161015 Re: potrace: multiple crashes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/12"
},
{
"name": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/"
},
{
"name": "[oss-security] 20160818 potrace: multiple crashes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/11"
},
{
"name": "http://potrace.sourceforge.net/ChangeLog",
"refsource": "CONFIRM",
"url": "http://potrace.sourceforge.net/ChangeLog"
}
]
}
}

130
2016/8xxx/CVE-2016-8934.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-8934",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Application Server for Bluemix",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server for Bluemix",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21995995",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21995995"
},
{
"name" : "95154",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95154"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995995",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995995"
},
{
"name": "95154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95154"
}
]
}
}

34
2016/9xxx/CVE-2016-9327.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9327",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9327",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

120
2016/9xxx/CVE-2016-9735.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-9735",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational Collaborative Lifecycle Management",
"version" : {
"version_data" : [
{
"version_value" : "4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 5.0, 4.0.7, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 5.0, 4.0.7, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22003064",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22003064"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003064",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003064"
}
]
}
}

34
2019/2xxx/CVE-2019-2018.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2018",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2018",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2132.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2132",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2132",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2209.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2209",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2209",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2762.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2762",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2762",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}