admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:25:39 +00:00
parent 32f0378d0b
commit ef3b95ebe2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3138 additions and 3138 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
1999/0xxx/CVE-1999-0055.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflows in Sun libnsl allow root access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "00172",
"refsource" : "SUN",
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/172"
},
{
"name" : "IX80543",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IX80543&apar=only"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in Sun libnsl allow root access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IX80543",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IX80543&apar=only"
},
{
"name": "00172",
"refsource": "SUN",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/172"
}
]
}
}

130
1999/0xxx/CVE-1999-0981.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0981",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka \"Server-side Page Reference Redirect.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS99-050",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-050"
},
{
"name" : "Q246094",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246094"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka \"Server-side Page Reference Redirect.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS99-050",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-050"
},
{
"name": "Q246094",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246094"
}
]
}
}

140
1999/1xxx/CVE-1999-1371.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local users to gain privileges via a long string in the terminal name argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19990308 Solaris \"/usr/bin/write\" bug",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=92100752221493&w=2"
},
{
"name" : "http://www.securiteam.com/exploits/5ZP0O1P35O.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/exploits/5ZP0O1P35O.html"
},
{
"name" : "solaris-write-bo(7546)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7546"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local users to gain privileges via a long string in the terminal name argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19990308 Solaris \"/usr/bin/write\" bug",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=92100752221493&w=2"
},
{
"name": "solaris-write-bo(7546)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7546"
},
{
"name": "http://www.securiteam.com/exploits/5ZP0O1P35O.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/5ZP0O1P35O.html"
}
]
}
}

130
1999/1xxx/CVE-1999-1390.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1390",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain root privileges by specifying a malicious program on the command line."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19980428 [Debian 2.0] /usr/bin/suidexec gives root access",
"refsource" : "BUGTRAQ",
"url" : "http://darwin.bio.uci.edu/~mcoogan/bugtraq/msg00890.html"
},
{
"name" : "94",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain root privileges by specifying a malicious program on the command line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94"
},
{
"name": "19980428 [Debian 2.0] /usr/bin/suidexec gives root access",
"refsource": "BUGTRAQ",
"url": "http://darwin.bio.uci.edu/~mcoogan/bugtraq/msg00890.html"
}
]
}
}

150
2005/2xxx/CVE-2005-2333.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2333",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in smilies_popup.php in SEO-Board 1.0 allows remote attackers to inject arbitrary web script or HTML via the doc parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14320",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14320"
},
{
"name" : "18062",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/18062"
},
{
"name" : "1014509",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014509"
},
{
"name" : "16051",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16051"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in smilies_popup.php in SEO-Board 1.0 allows remote attackers to inject arbitrary web script or HTML via the doc parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18062",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18062"
},
{
"name": "16051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16051"
},
{
"name": "1014509",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014509"
},
{
"name": "14320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14320"
}
]
}
}

200
2005/2xxx/CVE-2005-2416.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2416",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) term parameter to the search module or (2) title in the blog aggregation module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050722 Advisory 11/2005: Multiple vulnerabilities in Contrexx",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112206702015439&w=2"
},
{
"name" : "http://www.hardened-php.net/advisory_112005.59.html",
"refsource" : "MISC",
"url" : "http://www.hardened-php.net/advisory_112005.59.html"
},
{
"name" : "14352",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14352"
},
{
"name" : "18168",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/18168"
},
{
"name" : "18169",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/18169"
},
{
"name" : "1014554",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014554"
},
{
"name" : "16169",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16169"
},
{
"name" : "contrexx-blog-xss(21487)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21487"
},
{
"name" : "contrexx-search-xss(21484)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21484"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) term parameter to the search module or (2) title in the blog aggregation module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014554",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014554"
},
{
"name": "18168",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18168"
},
{
"name": "contrexx-search-xss(21484)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21484"
},
{
"name": "16169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16169"
},
{
"name": "contrexx-blog-xss(21487)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21487"
},
{
"name": "18169",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18169"
},
{
"name": "20050722 Advisory 11/2005: Multiple vulnerabilities in Contrexx",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112206702015439&w=2"
},
{
"name": "14352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14352"
},
{
"name": "http://www.hardened-php.net/advisory_112005.59.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_112005.59.html"
}
]
}
}

170
2007/1xxx/CVE-2007-1041.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1041",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3342",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3342"
},
{
"name" : "22618",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22618"
},
{
"name" : "ADV-2007-0663",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0663"
},
{
"name" : "33253",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33253"
},
{
"name" : "24216",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24216"
},
{
"name" : "newsrover-nzb-bo(32576)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32576"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "newsrover-nzb-bo(32576)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32576"
},
{
"name": "22618",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22618"
},
{
"name": "24216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24216"
},
{
"name": "3342",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3342"
},
{
"name": "ADV-2007-0663",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0663"
},
{
"name": "33253",
"refsource": "OSVDB",
"url": "http://osvdb.org/33253"
}
]
}
}

190
2007/1xxx/CVE-2007-1074.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1074",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3349",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3349"
},
{
"name" : "22652",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22652"
},
{
"name" : "ADV-2007-0694",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0694"
},
{
"name" : "33377",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33377"
},
{
"name" : "33378",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33378"
},
{
"name" : "24261",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24261"
},
{
"name" : "newsbinpro-nbi-bo(32598)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32598"
},
{
"name" : "newsbinpro-nzb-bo(32608)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32608"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "newsbinpro-nzb-bo(32608)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32608"
},
{
"name": "33377",
"refsource": "OSVDB",
"url": "http://osvdb.org/33377"
},
{
"name": "newsbinpro-nbi-bo(32598)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32598"
},
{
"name": "22652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22652"
},
{
"name": "24261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24261"
},
{
"name": "33378",
"refsource": "OSVDB",
"url": "http://osvdb.org/33378"
},
{
"name": "3349",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3349"
},
{
"name": "ADV-2007-0694",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0694"
}
]
}
}

190
2007/1xxx/CVE-2007-1085.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1085",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the \"under\" parameter in Advanced Search with the proper signature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070221 Overtaking Google Desktop",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/460735/100/0/threaded"
},
{
"name" : "20070222 RE: Overtaking Google Desktop",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/460928/100/0/threaded"
},
{
"name" : "http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf",
"refsource" : "MISC",
"url" : "http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf"
},
{
"name" : "VU#615857",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/615857"
},
{
"name" : "22650",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22650"
},
{
"name" : "33483",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33483"
},
{
"name" : "1017686",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017686"
},
{
"name" : "2301",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2301"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the \"under\" parameter in Advanced Search with the proper signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017686",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017686"
},
{
"name": "http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf",
"refsource": "MISC",
"url": "http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf"
},
{
"name": "20070221 Overtaking Google Desktop",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460735/100/0/threaded"
},
{
"name": "20070222 RE: Overtaking Google Desktop",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460928/100/0/threaded"
},
{
"name": "VU#615857",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/615857"
},
{
"name": "2301",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2301"
},
{
"name": "22650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22650"
},
{
"name": "33483",
"refsource": "OSVDB",
"url": "http://osvdb.org/33483"
}
]
}
}

34
2007/1xxx/CVE-2007-1335.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1335",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1335",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

220
2007/5xxx/CVE-2007-5200.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5200",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=332401",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=332401"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=362851",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=362851"
},
{
"name" : "FEDORA-2007-2989",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00199.html"
},
{
"name" : "GLSA-200712-01",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200712-01.xml"
},
{
"name" : "SUSE-SR:2007:020",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
},
{
"name" : "26730",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26730"
},
{
"name" : "42224",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/42224"
},
{
"name" : "27229",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27229"
},
{
"name" : "27623",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27623"
},
{
"name" : "27653",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27653"
},
{
"name" : "27952",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27952"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27623"
},
{
"name": "GLSA-200712-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200712-01.xml"
},
{
"name": "FEDORA-2007-2989",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00199.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=362851",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=362851"
},
{
"name": "27952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27952"
},
{
"name": "27653",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27653"
},
{
"name": "27229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27229"
},
{
"name": "26730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26730"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=332401",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=332401"
},
{
"name": "SUSE-SR:2007:020",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
},
{
"name": "42224",
"refsource": "OSVDB",
"url": "http://osvdb.org/42224"
}
]
}
}

220
2007/5xxx/CVE-2007-5466.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5466",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071015 eXtremail(ly easy) remote roots",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/482293"
},
{
"name" : "4533",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4533"
},
{
"name" : "4534",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4534"
},
{
"name" : "4535",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4535"
},
{
"name" : "http://www.digit-labs.org/files/exploits/extremail-v4.c",
"refsource" : "MISC",
"url" : "http://www.digit-labs.org/files/exploits/extremail-v4.c"
},
{
"name" : "http://www.digit-labs.org/files/exploits/extremail-v5.c",
"refsource" : "MISC",
"url" : "http://www.digit-labs.org/files/exploits/extremail-v5.c"
},
{
"name" : "http://www.digit-labs.org/files/exploits/extremail-v6.c",
"refsource" : "MISC",
"url" : "http://www.digit-labs.org/files/exploits/extremail-v6.c"
},
{
"name" : "http://www.digit-labs.org/files/exploits/extremail-v8.pl",
"refsource" : "MISC",
"url" : "http://www.digit-labs.org/files/exploits/extremail-v8.pl"
},
{
"name" : "26074",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26074"
},
{
"name" : "27220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27220"
},
{
"name" : "extremail-crammd5-bo(37209)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37209"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.digit-labs.org/files/exploits/extremail-v4.c",
"refsource": "MISC",
"url": "http://www.digit-labs.org/files/exploits/extremail-v4.c"
},
{
"name": "4533",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4533"
},
{
"name": "27220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27220"
},
{
"name": "4535",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4535"
},
{
"name": "4534",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4534"
},
{
"name": "26074",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26074"
},
{
"name": "http://www.digit-labs.org/files/exploits/extremail-v5.c",
"refsource": "MISC",
"url": "http://www.digit-labs.org/files/exploits/extremail-v5.c"
},
{
"name": "http://www.digit-labs.org/files/exploits/extremail-v8.pl",
"refsource": "MISC",
"url": "http://www.digit-labs.org/files/exploits/extremail-v8.pl"
},
{
"name": "extremail-crammd5-bo(37209)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37209"
},
{
"name": "http://www.digit-labs.org/files/exploits/extremail-v6.c",
"refsource": "MISC",
"url": "http://www.digit-labs.org/files/exploits/extremail-v6.c"
},
{
"name": "20071015 eXtremail(ly easy) remote roots",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482293"
}
]
}
}

250
2007/5xxx/CVE-2007-5511.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5511",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071017 SQL Injection Flaw in Oracle Workspace Manager",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/482429/100/0/threaded"
},
{
"name" : "4570",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4570"
},
{
"name" : "4571",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4571"
},
{
"name" : "4572",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4572"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=119332677525918&w=2"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=119332677525918&w=2"
},
{
"name" : "26098",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26098"
},
{
"name" : "ADV-2007-3524",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3524"
},
{
"name" : "ADV-2007-3626",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3626"
},
{
"name" : "40079",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40079"
},
{
"name" : "1018823",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018823"
},
{
"name" : "27251",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27251"
},
{
"name" : "27409",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27409"
},
{
"name" : "3245",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3245"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071017 SQL Injection Flaw in Oracle Workspace Manager",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482429/100/0/threaded"
},
{
"name": "ADV-2007-3524",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3524"
},
{
"name": "26098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26098"
},
{
"name": "ADV-2007-3626",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3626"
},
{
"name": "4571",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4571"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=119332677525918&w=2"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=119332677525918&w=2"
},
{
"name": "4572",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4572"
},
{
"name": "40079",
"refsource": "OSVDB",
"url": "http://osvdb.org/40079"
},
{
"name": "1018823",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018823"
},
{
"name": "4570",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4570"
},
{
"name": "3245",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3245"
},
{
"name": "27409",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27409"
},
{
"name": "27251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27251"
}
]
}
}

190
2007/5xxx/CVE-2007-5804.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5804",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the \"-p\" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071030 IBM AIX swcons Local Arbitrary File Access Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611"
},
{
"name" : "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar",
"refsource" : "CONFIRM",
"url" : "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar"
},
{
"name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405",
"refsource" : "CONFIRM",
"url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405"
},
{
"name" : "IZ03055",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055"
},
{
"name" : "IZ03061",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061"
},
{
"name" : "26258",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26258"
},
{
"name" : "27437",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27437"
},
{
"name" : "aix-swcons-insecure-permissions(38154)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38154"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the \"-p\" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "aix-swcons-insecure-permissions(38154)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38154"
},
{
"name": "27437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27437"
},
{
"name": "26258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26258"
},
{
"name": "IZ03055",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055"
},
{
"name": "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar",
"refsource": "CONFIRM",
"url": "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar"
},
{
"name": "IZ03061",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061"
},
{
"name": "20071030 IBM AIX swcons Local Arbitrary File Access Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611"
},
{
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405"
}
]
}
}

170
2009/2xxx/CVE-2009-2980.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-15.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
},
{
"name" : "TA09-286B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
},
{
"name" : "36638",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36638"
},
{
"name" : "oval:org.mitre.oval:def:5964",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5964"
},
{
"name" : "1023007",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023007"
},
{
"name" : "ADV-2009-2898",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2898"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36638"
},
{
"name": "TA09-286B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
},
{
"name": "1023007",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023007"
},
{
"name": "oval:org.mitre.oval:def:5964",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5964"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-15.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
},
{
"name": "ADV-2009-2898",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2898"
}
]
}
}

150
2015/3xxx/CVE-2015-3069.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-3069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-205",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-205"
},
{
"name" : "https://helpx.adobe.com/security/products/reader/apsb15-10.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/reader/apsb15-10.html"
},
{
"name" : "74604",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74604"
},
{
"name" : "1032284",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032284"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74604"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-205",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-205"
},
{
"name": "https://helpx.adobe.com/security/products/reader/apsb15-10.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/reader/apsb15-10.html"
},
{
"name": "1032284",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032284"
}
]
}
}

34
2015/3xxx/CVE-2015-3635.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3635",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3635",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2015/3xxx/CVE-2015-3824.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3824",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2015-3824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[android-security-updates] 20150812 Nexus Security Bulletin (August 2015)",
"refsource" : "MLIST",
"url" : "https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/463a6f807e187828442949d1924e143cf07778c6",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/463a6f807e187828442949d1924e143cf07778c6"
},
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/hw-448928",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/hw-448928"
},
{
"name" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm",
"refsource" : "CONFIRM",
"url" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm"
},
{
"name" : "76052",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76052"
},
{
"name" : "1033094",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033094"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033094",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033094"
},
{
"name": "76052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76052"
},
{
"name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm",
"refsource": "CONFIRM",
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-448928",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-448928"
},
{
"name": "[android-security-updates] 20150812 Nexus Security Bulletin (August 2015)",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/463a6f807e187828442949d1924e143cf07778c6",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/463a6f807e187828442949d1924e143cf07778c6"
}
]
}
}

130
2015/4xxx/CVE-2015-4255.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP Gateway devices with software 2.0(3.34) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90734."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150709 Cisco TelePresence IP Gateway Cross-Site Request Forgery Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39798"
},
{
"name" : "1032838",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032838"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP Gateway devices with software 2.0(3.34) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90734."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032838",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032838"
},
{
"name": "20150709 Cisco TelePresence IP Gateway Cross-Site Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39798"
}
]
}
}

170
2015/4xxx/CVE-2015-4362.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6"
},
{
"name" : "https://www.drupal.org/node/2445961",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2445961"
},
{
"name" : "http://cgit.drupalcode.org/tracking_code/commit/?id=77c8c3d",
"refsource" : "CONFIRM",
"url" : "http://cgit.drupalcode.org/tracking_code/commit/?id=77c8c3d"
},
{
"name" : "https://www.drupal.org/node/2450135",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2450135"
},
{
"name" : "https://www.drupal.org/node/2453079",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2453079"
},
{
"name" : "72958",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72958"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72958",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72958"
},
{
"name": "https://www.drupal.org/node/2450135",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2450135"
},
{
"name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
},
{
"name": "https://www.drupal.org/node/2445961",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2445961"
},
{
"name": "http://cgit.drupalcode.org/tracking_code/commit/?id=77c8c3d",
"refsource": "CONFIRM",
"url": "http://cgit.drupalcode.org/tracking_code/commit/?id=77c8c3d"
},
{
"name": "https://www.drupal.org/node/2453079",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2453079"
}
]
}
}

140
2015/4xxx/CVE-2015-4534.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4534",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name" : "76410",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76410"
},
{
"name" : "1033296",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033296"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033296",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033296"
},
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76410"
}
]
}
}

140
2015/4xxx/CVE-2015-4770.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX filesystem."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-4770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name" : "75880",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75880"
},
{
"name" : "1032914",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032914"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "1032914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032914"
},
{
"name": "75880",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75880"
}
]
}
}

120
2015/7xxx/CVE-2015-7844.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2015-7844",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FusionAccess V100R005C10,V100R005C20",
"version" : {
"version_data" : [
{
"version_value" : "FusionAccess V100R005C10,V100R005C20"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient Input Verification"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2015-7844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionAccess V100R005C10,V100R005C20",
"version": {
"version_data": [
{
"version_value": "FusionAccess V100R005C10,V100R005C20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/hw-453537",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/hw-453537"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Input Verification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-453537",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-453537"
}
]
}
}

120
2015/8xxx/CVE-2015-8073.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8073",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2015-8073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[android-security-updates] 20151102 Nexus Security Bulletin (November 2015)",
"refsource" : "MLIST",
"url" : "https://groups.google.com/forum/message/raw?msg=android-security-updates/n1aw2MGce4E/jhpVEWDUCAAJ"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[android-security-updates] 20151102 Nexus Security Bulletin (November 2015)",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/n1aw2MGce4E/jhpVEWDUCAAJ"
}
]
}
}

130
2015/8xxx/CVE-2015-8299.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8299",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/134524/KNX-ETS-4.1.5-Build-3246-Buffer-Overflow.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/134524/KNX-ETS-4.1.5-Build-3246-Buffer-Overflow.html"
},
{
"name" : "https://github.com/sbaresearch/advisories/tree/public/2015/knAx_20150101",
"refsource" : "MISC",
"url" : "https://github.com/sbaresearch/advisories/tree/public/2015/knAx_20150101"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/134524/KNX-ETS-4.1.5-Build-3246-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134524/KNX-ETS-4.1.5-Build-3246-Buffer-Overflow.html"
},
{
"name": "https://github.com/sbaresearch/advisories/tree/public/2015/knAx_20150101",
"refsource": "MISC",
"url": "https://github.com/sbaresearch/advisories/tree/public/2015/knAx_20150101"
}
]
}
}

210
2015/8xxx/CVE-2015-8385.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8385",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20151128 Re: Heap Overflow in PCRE",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/11/29/1"
},
{
"name" : "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"refsource" : "CONFIRM",
"url" : "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"name" : "https://bto.bluecoat.com/security-advisory/sa128",
"refsource" : "CONFIRM",
"url" : "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"name" : "GLSA-201607-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201607-02"
},
{
"name" : "RHSA-2016:1025",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"name" : "RHSA-2016:1132",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"name" : "RHSA-2016:2750",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name" : "85572",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/85572"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20151128 Re: Heap Overflow in PCRE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
},
{
"name": "85572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85572"
},
{
"name": "RHSA-2016:1132",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"name": "RHSA-2016:1025",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"name": "RHSA-2016:2750",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa128",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"name": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"refsource": "CONFIRM",
"url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
},
{
"name": "GLSA-201607-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-02"
}
]
}
}

180
2015/8xxx/CVE-2015-8404.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8404",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-8404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html"
},
{
"name" : "GLSA-201601-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201601-03"
},
{
"name" : "SUSE-SU-2015:2236",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html"
},
{
"name" : "SUSE-SU-2015:2247",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html"
},
{
"name" : "openSUSE-SU-2015:2239",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html"
},
{
"name" : "78715",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/78715"
},
{
"name" : "1034318",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034318"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:2239",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html"
},
{
"name": "78715",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78715"
},
{
"name": "SUSE-SU-2015:2236",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html"
},
{
"name": "SUSE-SU-2015:2247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html"
},
{
"name": "1034318",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034318"
},
{
"name": "GLSA-201601-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201601-03"
}
]
}
}

290
2015/8xxx/CVE-2015-8569.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8569",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2015-8569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20151214 Information leak in pptp_bind",
"refsource" : "MLIST",
"url" : "https://lkml.org/lkml/2015/12/14/252"
},
{
"name" : "[oss-security] 20151215 Re: CVE Request: Linux Kernel: information leak from getsockname",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/12/15/11"
},
{
"name" : "http://twitter.com/grsecurity/statuses/676744240802750464",
"refsource" : "MISC",
"url" : "http://twitter.com/grsecurity/statuses/676744240802750464"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1292045",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1292045"
},
{
"name" : "https://github.com/torvalds/linux/commit/09ccfd238e5a0e670d8178cf50180ea81ae09ae1",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/09ccfd238e5a0e670d8178cf50180ea81ae09ae1"
},
{
"name" : "DSA-3434",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3434"
},
{
"name" : "FEDORA-2016-5d43766e33",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"
},
{
"name" : "SUSE-SU-2016:2074",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name" : "SUSE-SU-2016:0911",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
},
{
"name" : "SUSE-SU-2016:1102",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
},
{
"name" : "USN-2886-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2886-1"
},
{
"name" : "USN-2888-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2888-1"
},
{
"name" : "USN-2890-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2890-1"
},
{
"name" : "USN-2890-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2890-2"
},
{
"name" : "USN-2890-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2890-3"
},
{
"name" : "79428",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/79428"
},
{
"name" : "1034549",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034549"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20151215 Re: CVE Request: Linux Kernel: information leak from getsockname",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/15/11"
},
{
"name": "USN-2886-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2886-1"
},
{
"name": "USN-2890-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2890-3"
},
{
"name": "79428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79428"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1"
},
{
"name": "http://twitter.com/grsecurity/statuses/676744240802750464",
"refsource": "MISC",
"url": "http://twitter.com/grsecurity/statuses/676744240802750464"
},
{
"name": "SUSE-SU-2016:1102",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
},
{
"name": "[linux-kernel] 20151214 Information leak in pptp_bind",
"refsource": "MLIST",
"url": "https://lkml.org/lkml/2015/12/14/252"
},
{
"name": "FEDORA-2016-5d43766e33",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "USN-2890-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2890-2"
},
{
"name": "https://github.com/torvalds/linux/commit/09ccfd238e5a0e670d8178cf50180ea81ae09ae1",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/09ccfd238e5a0e670d8178cf50180ea81ae09ae1"
},
{
"name": "1034549",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034549"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1292045",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1292045"
},
{
"name": "USN-2890-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2890-1"
},
{
"name": "DSA-3434",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3434"
},
{
"name": "USN-2888-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2888-1"
},
{
"name": "SUSE-SU-2016:0911",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
}
]
}
}

190
2016/1xxx/CVE-2016-1017.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1017",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1031."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-1017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-225/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-225/"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html"
},
{
"name" : "MS16-050",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050"
},
{
"name" : "RHSA-2016:0610",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0610.html"
},
{
"name" : "SUSE-SU-2016:1305",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"
},
{
"name" : "openSUSE-SU-2016:1306",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"
},
{
"name" : "85926",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/85926"
},
{
"name" : "1035509",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035509"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1031."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1305",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"
},
{
"name": "openSUSE-SU-2016:1306",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"
},
{
"name": "85926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85926"
},
{
"name": "RHSA-2016:0610",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0610.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-225/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-225/"
},
{
"name": "1035509",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035509"
},
{
"name": "MS16-050",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html"
}
]
}
}

180
2016/1xxx/CVE-2016-1842.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1842",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-1842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT206566",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206566"
},
{
"name" : "https://support.apple.com/HT206567",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206567"
},
{
"name" : "https://support.apple.com/HT206568",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206568"
},
{
"name" : "APPLE-SA-2016-05-16-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
},
{
"name" : "APPLE-SA-2016-05-16-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00003.html"
},
{
"name" : "APPLE-SA-2016-05-16-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
},
{
"name" : "1035890",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035890"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT206567",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206567"
},
{
"name": "APPLE-SA-2016-05-16-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
},
{
"name": "https://support.apple.com/HT206566",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206566"
},
{
"name": "APPLE-SA-2016-05-16-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/May/msg00003.html"
},
{
"name": "1035890",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035890"
},
{
"name": "APPLE-SA-2016-05-16-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
},
{
"name": "https://support.apple.com/HT206568",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206568"
}
]
}
}

120
2016/5xxx/CVE-2016-5367.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5367",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160607-01-honorrouter-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160607-01-honorrouter-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160607-01-honorrouter-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160607-01-honorrouter-en"
}
]
}
}

34
2018/2xxx/CVE-2018-2515.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2515",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-2815. Reason: This candidate is a duplicate of CVE-2018-2815. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2018-2815 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-2515",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-2815. Reason: This candidate is a duplicate of CVE-2018-2815. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2018-2815 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

34
2018/2xxx/CVE-2018-2531.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2531",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-2531",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

142
2018/2xxx/CVE-2018-2918.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2918",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sun ZFS Storage Appliance Kit (AK) Software",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "8.7.18"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK)."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sun ZFS Storage Appliance Kit (AK) Software",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.7.18"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104783",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104783"
},
{
"name" : "1041303",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041303"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK)."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104783"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041303",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041303"
}
]
}
}

142
2018/2xxx/CVE-2018-2932.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2932",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SuperCluster Specific Software",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "2.5.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle SuperCluster Specific Software component of Oracle Sun Systems Products Suite (subcomponent: SuperCluster Virtual Assistant). The supported version that is affected is Prior to 2.5.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle SuperCluster Specific Software. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle SuperCluster Specific Software accessible data as well as unauthorized update, insert or delete access to some of Oracle SuperCluster Specific Software accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SuperCluster Specific Software. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle SuperCluster Specific Software. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle SuperCluster Specific Software accessible data as well as unauthorized update, insert or delete access to some of Oracle SuperCluster Specific Software accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SuperCluster Specific Software."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SuperCluster Specific Software",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.5.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104812",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104812"
},
{
"name" : "1041303",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041303"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle SuperCluster Specific Software component of Oracle Sun Systems Products Suite (subcomponent: SuperCluster Virtual Assistant). The supported version that is affected is Prior to 2.5.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle SuperCluster Specific Software. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle SuperCluster Specific Software accessible data as well as unauthorized update, insert or delete access to some of Oracle SuperCluster Specific Software accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SuperCluster Specific Software. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle SuperCluster Specific Software. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle SuperCluster Specific Software accessible data as well as unauthorized update, insert or delete access to some of Oracle SuperCluster Specific Software accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SuperCluster Specific Software."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041303",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041303"
},
{
"name": "104812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104812"
}
]
}
}

120
2018/6xxx/CVE-2018-6308.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6308",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\\Campaigns\\Tracker.php and modules\\Campaigns\\utils.php, the default_currency_name parameter to modules\\Configurator\\controller.php and modules\\Currencies\\Currency.php, the duplicate parameter to modules\\Contacts\\ShowDuplicates.php, the mergecur parameter to modules\\Currencies\\index.php and modules\\Opportunities\\Opportunity.php, and the load_signed_id parameter to modules\\Documents\\Document.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.defensecode.com/advisories/DC-2018-01-011_SugarCRM_Community_Edition_Advisory.pdf",
"refsource" : "MISC",
"url" : "http://www.defensecode.com/advisories/DC-2018-01-011_SugarCRM_Community_Edition_Advisory.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\\Campaigns\\Tracker.php and modules\\Campaigns\\utils.php, the default_currency_name parameter to modules\\Configurator\\controller.php and modules\\Currencies\\Currency.php, the duplicate parameter to modules\\Contacts\\ShowDuplicates.php, the mergecur parameter to modules\\Currencies\\index.php and modules\\Opportunities\\Opportunity.php, and the load_signed_id parameter to modules\\Documents\\Document.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.defensecode.com/advisories/DC-2018-01-011_SugarCRM_Community_Edition_Advisory.pdf",
"refsource": "MISC",
"url": "http://www.defensecode.com/advisories/DC-2018-01-011_SugarCRM_Community_Edition_Advisory.pdf"
}
]
}
}

34
2019/0xxx/CVE-2019-0065.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0065",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0065",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0232.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0232",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0232",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

196
2019/0xxx/CVE-2019-0568.json
View File

@ -1,100 +1,100 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2019-0568",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1809 for ARM64-based Systems"
},
{
"version_value" : "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value" : "Windows Server 2019"
}
]
}
},
{
"product_name" : "ChakraCore",
"version" : {
"version_data" : [
{
"version_value" : "ChakraCore"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0567."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1809 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "Windows Server 2019"
}
]
}
},
{
"product_name": "ChakraCore",
"version": {
"version_data": [
{
"version_value": "ChakraCore"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "46205",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/46205/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0568",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0568"
},
{
"name" : "106420",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106420"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0567."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0568",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0568"
},
{
"name": "106420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106420"
},
{
"name": "46205",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46205/"
}
]
}
}

34
2019/0xxx/CVE-2019-0717.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0717",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0717",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

178
2019/1xxx/CVE-2019-1647.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-23T16:00:00-0800",
"ID" : "CVE-2019-1647",
"STATE" : "PUBLIC",
"TITLE" : "Cisco SD-WAN Solution Unauthorized Access Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco SD-WAN Solution ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "8.0",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-284"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-23T16:00:00-0800",
"ID": "CVE-2019-1647",
"STATE": "PUBLIC",
"TITLE": "Cisco SD-WAN Solution Unauthorized Access Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco SD-WAN Solution ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190123 Cisco SD-WAN Solution Unauthorized Access Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-unaccess"
},
{
"name" : "106705",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106705"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190123-sdwan-unaccess",
"defect" : [
[
"CSCvm25940"
]
],
"discovery" : "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "8.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190123 Cisco SD-WAN Solution Unauthorized Access Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-unaccess"
},
{
"name": "106705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106705"
}
]
},
"source": {
"advisory": "cisco-sa-20190123-sdwan-unaccess",
"defect": [
[
"CSCvm25940"
]
],
"discovery": "INTERNAL"
}
}

34
2019/1xxx/CVE-2019-1769.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1769",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1769",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1784.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1784",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1784",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4302.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4302",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4302",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4371.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4371",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4371",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4681.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4681",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4681",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5296.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5296",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5296",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5321.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5321",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5321",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5329.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5329",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5329",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5444.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5444",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5444",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5499.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5499",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5499",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}