admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:49:50 +00:00
parent 5d1937d0b5
commit f10fbe1944
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
62 changed files with 3394 additions and 3394 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2007/3xxx/CVE-2007-3307.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4078",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4078"
},
{
"name" : "24519",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24519"
},
{
"name" : "36303",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36303"
},
{
"name" : "25716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25716"
},
{
"name" : "solarempire-gamelisting-sql-injection(34909)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34909"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "solarempire-gamelisting-sql-injection(34909)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34909"
},
{
"name": "4078",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4078"
},
{
"name": "25716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25716"
},
{
"name": "36303",
"refsource": "OSVDB",
"url": "http://osvdb.org/36303"
},
{
"name": "24519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24519"
}
]
}
}

160
2007/3xxx/CVE-2007-3371.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in plugins/widgets/htmledit/htmledit.php in Powl 0.94 allows remote attackers to execute arbitrary PHP code via a URL in the _POWL[installPath] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4090",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4090"
},
{
"name" : "24589",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24589"
},
{
"name" : "ADV-2007-2306",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2306"
},
{
"name" : "36368",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36368"
},
{
"name" : "powl-htmledit-file-include(35005)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35005"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in plugins/widgets/htmledit/htmledit.php in Powl 0.94 allows remote attackers to execute arbitrary PHP code via a URL in the _POWL[installPath] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "powl-htmledit-file-include(35005)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35005"
},
{
"name": "ADV-2007-2306",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2306"
},
{
"name": "36368",
"refsource": "OSVDB",
"url": "http://osvdb.org/36368"
},
{
"name": "4090",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4090"
},
{
"name": "24589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24589"
}
]
}
}

150
2007/3xxx/CVE-2007-3530.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3530",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070702 PHPDirector <= 0.21 (SQL injection/Upload SHELL) Remote Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/472661/100/0/threaded"
},
{
"name" : "4139",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/4139"
},
{
"name" : "39718",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39718"
},
{
"name" : "phpdirector-cmd-file-upload(35222)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35222"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39718",
"refsource": "OSVDB",
"url": "http://osvdb.org/39718"
},
{
"name": "20070702 PHPDirector <= 0.21 (SQL injection/Upload SHELL) Remote Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472661/100/0/threaded"
},
{
"name": "phpdirector-cmd-file-upload(35222)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35222"
},
{
"name": "4139",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/4139"
}
]
}
}

140
2007/4xxx/CVE-2007-4148.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4148",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to cause a denial of service (persistent daemon crashes) or execute arbitrary code via a long filename in a \"LOG.\" command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.portcullis.co.uk/uplds/advisories/vaheapoverflow%20-%2006_040.txt",
"refsource" : "MISC",
"url" : "http://www.portcullis.co.uk/uplds/advisories/vaheapoverflow%20-%2006_040.txt"
},
{
"name" : "25153",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25153"
},
{
"name" : "46977",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/46977"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to cause a denial of service (persistent daemon crashes) or execute arbitrary code via a long filename in a \"LOG.\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25153"
},
{
"name": "http://www.portcullis.co.uk/uplds/advisories/vaheapoverflow%20-%2006_040.txt",
"refsource": "MISC",
"url": "http://www.portcullis.co.uk/uplds/advisories/vaheapoverflow%20-%2006_040.txt"
},
{
"name": "46977",
"refsource": "OSVDB",
"url": "http://osvdb.org/46977"
}
]
}
}

170
2007/4xxx/CVE-2007-4377.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070814 Stop WabiSabiLabi Hacker Oppression NOW",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=118710179924684&w=2"
},
{
"name" : "4287",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4287"
},
{
"name" : "25318",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25318"
},
{
"name" : "ADV-2007-2875",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2875"
},
{
"name" : "26464",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26464"
},
{
"name" : "surgemail-imap-code-execution(36009)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36009"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070814 Stop WabiSabiLabi Hacker Oppression NOW",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=118710179924684&w=2"
},
{
"name": "ADV-2007-2875",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2875"
},
{
"name": "4287",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4287"
},
{
"name": "surgemail-imap-code-execution(36009)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36009"
},
{
"name": "26464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26464"
},
{
"name": "25318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25318"
}
]
}
}

160
2007/4xxx/CVE-2007-4714.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4714",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in error_view.php in Yvora 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4353",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4353"
},
{
"name" : "25511",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25511"
},
{
"name" : "ADV-2007-3090",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3090"
},
{
"name" : "38426",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38426"
},
{
"name" : "yvora-errorview-sql-injection(36415)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36415"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in error_view.php in Yvora 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38426",
"refsource": "OSVDB",
"url": "http://osvdb.org/38426"
},
{
"name": "yvora-errorview-sql-injection(36415)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36415"
},
{
"name": "25511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25511"
},
{
"name": "4353",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4353"
},
{
"name": "ADV-2007-3090",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3090"
}
]
}
}

160
2007/4xxx/CVE-2007-4964.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4964",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WinImage 8.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via an invalid BPB_BytsPerSec field in the header of a .IMG file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070915 WinImage 8.10 vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/479695/100/0/threaded"
},
{
"name" : "25687",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25687"
},
{
"name" : "45950",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/45950"
},
{
"name" : "3140",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3140"
},
{
"name" : "winimage-fat-dos(36669)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36669"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WinImage 8.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via an invalid BPB_BytsPerSec field in the header of a .IMG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070915 WinImage 8.10 vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479695/100/0/threaded"
},
{
"name": "45950",
"refsource": "OSVDB",
"url": "http://osvdb.org/45950"
},
{
"name": "winimage-fat-dos(36669)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36669"
},
{
"name": "3140",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3140"
},
{
"name": "25687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25687"
}
]
}
}

290
2007/6xxx/CVE-2007-6246.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6246",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb07-20.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
},
{
"name" : "GLSA-200801-07",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
},
{
"name" : "RHSA-2007:1126",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-1126.html"
},
{
"name" : "238305",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"name" : "SUSE-SA:2007:069",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
},
{
"name" : "TA07-355A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
},
{
"name" : "26929",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26929"
},
{
"name" : "26965",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26965"
},
{
"name" : "oval:org.mitre.oval:def:10519",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10519"
},
{
"name" : "ADV-2007-4258",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4258"
},
{
"name" : "ADV-2008-1724",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"name" : "1019116",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019116"
},
{
"name" : "28157",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28157"
},
{
"name" : "28161",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28161"
},
{
"name" : "28570",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28570"
},
{
"name" : "28213",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28213"
},
{
"name" : "30507",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30507"
},
{
"name" : "adobe-memory-privilege-escalation(39136)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39136"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2007:069",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
},
{
"name": "28157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28157"
},
{
"name": "adobe-memory-privilege-escalation(39136)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39136"
},
{
"name": "30507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30507"
},
{
"name": "oval:org.mitre.oval:def:10519",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10519"
},
{
"name": "28570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28570"
},
{
"name": "ADV-2008-1724",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"name": "TA07-355A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
},
{
"name": "GLSA-200801-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
},
{
"name": "26929",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26929"
},
{
"name": "28161",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28161"
},
{
"name": "RHSA-2007:1126",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1126.html"
},
{
"name": "26965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26965"
},
{
"name": "238305",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"name": "ADV-2007-4258",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4258"
},
{
"name": "1019116",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019116"
},
{
"name": "28213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28213"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb07-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
}
]
}
}

160
2007/6xxx/CVE-2007-6279.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6279",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "AD20071115",
"refsource" : "EEYE",
"url" : "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name" : "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
},
{
"name" : "VU#544656",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/544656"
},
{
"name" : "1018974",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018974"
},
{
"name" : "3423",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3423"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "AD20071115",
"refsource": "EEYE",
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
]
}
}

160
2007/6xxx/CVE-2007-6400.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6400",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in download_file.php in PolDoc CMS (aka PDDMS) 0.96 allows remote attackers to read arbitrary files via a .. (dot dot) or absolute pathname in the filename parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4704",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4704"
},
{
"name" : "26775",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26775"
},
{
"name" : "ADV-2007-4159",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4159"
},
{
"name" : "28013",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28013"
},
{
"name" : "poldoc-downloadfile-directory-traversal(38937)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38937"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in download_file.php in PolDoc CMS (aka PDDMS) 0.96 allows remote attackers to read arbitrary files via a .. (dot dot) or absolute pathname in the filename parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "poldoc-downloadfile-directory-traversal(38937)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38937"
},
{
"name": "26775",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26775"
},
{
"name": "28013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28013"
},
{
"name": "4704",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4704"
},
{
"name": "ADV-2007-4159",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4159"
}
]
}
}

140
2007/6xxx/CVE-2007-6555.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4783",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4783"
},
{
"name" : "27014",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27014"
},
{
"name" : "40023",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40023"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4783",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4783"
},
{
"name": "40023",
"refsource": "OSVDB",
"url": "http://osvdb.org/40023"
},
{
"name": "27014",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27014"
}
]
}
}

200
2007/6xxx/CVE-2007-6570.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view",
"refsource" : "CONFIRM",
"url" : "http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view"
},
{
"name" : "http://docs.sun.com/source/820-3637-10/relnotes36sp11_unix.html#wp19247",
"refsource" : "CONFIRM",
"url" : "http://docs.sun.com/source/820-3637-10/relnotes36sp11_unix.html#wp19247"
},
{
"name" : "103002",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
},
{
"name" : "26978",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26978"
},
{
"name" : "ADV-2007-4313",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4313"
},
{
"name" : "40851",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40851"
},
{
"name" : "28186",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28186"
},
{
"name" : "28216",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28216"
},
{
"name" : "javasystem-proxy-viewurl-xss(43976)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43976"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26978"
},
{
"name": "28216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28216"
},
{
"name": "103002",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
},
{
"name": "28186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28186"
},
{
"name": "javasystem-proxy-viewurl-xss(43976)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43976"
},
{
"name": "40851",
"refsource": "OSVDB",
"url": "http://osvdb.org/40851"
},
{
"name": "http://docs.sun.com/source/820-3637-10/relnotes36sp11_unix.html#wp19247",
"refsource": "CONFIRM",
"url": "http://docs.sun.com/source/820-3637-10/relnotes36sp11_unix.html#wp19247"
},
{
"name": "http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view",
"refsource": "CONFIRM",
"url": "http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view"
},
{
"name": "ADV-2007-4313",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4313"
}
]
}
}

140
2014/1xxx/CVE-2014-1352.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1352",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2014-06-30-3",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name" : "68276",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68276"
},
{
"name" : "1030500",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030500"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68276"
},
{
"name": "APPLE-SA-2014-06-30-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name": "1030500",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030500"
}
]
}
}

120
2014/1xxx/CVE-2014-1828.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1828",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad devices allows remote attackers to cause a denial of service (disk consumption) by uploading a large file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.madirish.net/559",
"refsource" : "MISC",
"url" : "http://www.madirish.net/559"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad devices allows remote attackers to cause a denial of service (disk consumption) by uploading a large file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.madirish.net/559",
"refsource": "MISC",
"url": "http://www.madirish.net/559"
}
]
}
}

130
2014/1xxx/CVE-2014-1931.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1931",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different responses for invalid password-retrieval attempts depending on which data elements are incorrect, which might allow remote attackers to obtain account-related information via a series of requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details",
"refsource" : "CONFIRM",
"url" : "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details"
},
{
"name" : "65564",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65564"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different responses for invalid password-retrieval attempts depending on which data elements are incorrect, which might allow remote attackers to obtain account-related information via a series of requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "65564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65564"
},
{
"name": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details",
"refsource": "CONFIRM",
"url": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details"
}
]
}
}

34
2014/5xxx/CVE-2014-5209.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5209",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5209",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/5xxx/CVE-2014-5366.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5366",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5366",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2014/5xxx/CVE-2014-5460.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5460",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140830 WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533281/100/0/threaded"
},
{
"name" : "34514",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/34514"
},
{
"name" : "34681",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/34681"
},
{
"name" : "http://packetstormsecurity.com/files/128069/WordPress-Slideshow-Gallery-1.4.6-Shell-Upload.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128069/WordPress-Slideshow-Gallery-1.4.6-Shell-Upload.html"
},
{
"name" : "http://whitexploit.blogspot.mx/2014/08/wordpress-slideshow-gallery-146-shell.html",
"refsource" : "MISC",
"url" : "http://whitexploit.blogspot.mx/2014/08/wordpress-slideshow-gallery-146-shell.html"
},
{
"name" : "https://wordpress.org/plugins/slideshow-gallery/changelog",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/slideshow-gallery/changelog"
},
{
"name" : "60074",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60074"
},
{
"name" : "wp-slideshowgallery-cve20145460-shell-upload(95676)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95676"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34681",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34681"
},
{
"name": "http://packetstormsecurity.com/files/128069/WordPress-Slideshow-Gallery-1.4.6-Shell-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128069/WordPress-Slideshow-Gallery-1.4.6-Shell-Upload.html"
},
{
"name": "http://whitexploit.blogspot.mx/2014/08/wordpress-slideshow-gallery-146-shell.html",
"refsource": "MISC",
"url": "http://whitexploit.blogspot.mx/2014/08/wordpress-slideshow-gallery-146-shell.html"
},
{
"name": "20140830 WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533281/100/0/threaded"
},
{
"name": "60074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60074"
},
{
"name": "34514",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34514"
},
{
"name": "https://wordpress.org/plugins/slideshow-gallery/changelog",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/slideshow-gallery/changelog"
},
{
"name": "wp-slideshowgallery-cve20145460-shell-upload(95676)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95676"
}
]
}
}

140
2014/5xxx/CVE-2014-5644.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Brightest LED Flashlight (aka com.intellectualflame.ledflashlight.washer) application 1.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#272385",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/272385"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Brightest LED Flashlight (aka com.intellectualflame.ledflashlight.washer) application 1.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#272385",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/272385"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/5xxx/CVE-2014-5715.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5715",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Street Racing (aka com.tgb.streetracing.lite5pp) application 4.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#420489",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/420489"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Street Racing (aka com.tgb.streetracing.lite5pp) application 4.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#420489",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/420489"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/5xxx/CVE-2014-5752.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5752",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The wTradersActivity (aka com.wTradersActivity) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#467305",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/467305"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wTradersActivity (aka com.wTradersActivity) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#467305",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/467305"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/5xxx/CVE-2014-5919.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5919",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SurDoc - 100GB+ FREE storage (aka com.jd.surdoc) application 1.3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#361177",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/361177"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SurDoc - 100GB+ FREE storage (aka com.jd.surdoc) application 1.3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#361177",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/361177"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

180
2015/2xxx/CVE-2015-2149.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2149",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) MIME-type field in an add action in the config-attachment_types module to admin/index.php; (2) title or (3) short description field in an add action in the (a) config-mycode or (b) user-groups module to admin/index.php; (4) title field in an add action in the (c) forum-management or (d) tool-tasks module to admin/index.php; (5) name field in an add_set action in the style-templates module to admin/index.php; (6) title field in an add_template_group action in the style-templates module to admin/index.php; (7) name field in an add action in the config-post_icons module to admin/index.php; (8) \"title to assign\" field in an add action in the user-titles module to admin/index.php; or (9) username field in the config-banning module to admin/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150221 Multiple stored XSS-vulnerabilities in MyBB v. 1.8.3",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Feb/80"
},
{
"name" : "[oss-security] 20150221 CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q1/629"
},
{
"name" : "[oss-security] 20150227 Re: CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q1/705"
},
{
"name" : "http://sroesemann.blogspot.de/2015/02/sroeadv-2015-15.html",
"refsource" : "MISC",
"url" : "http://sroesemann.blogspot.de/2015/02/sroeadv-2015-15.html"
},
{
"name" : "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/",
"refsource" : "CONFIRM",
"url" : "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/"
},
{
"name" : "72738",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72738"
},
{
"name" : "1031953",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031953"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) MIME-type field in an add action in the config-attachment_types module to admin/index.php; (2) title or (3) short description field in an add action in the (a) config-mycode or (b) user-groups module to admin/index.php; (4) title field in an add action in the (c) forum-management or (d) tool-tasks module to admin/index.php; (5) name field in an add_set action in the style-templates module to admin/index.php; (6) title field in an add_template_group action in the style-templates module to admin/index.php; (7) name field in an add action in the config-post_icons module to admin/index.php; (8) \"title to assign\" field in an add action in the user-titles module to admin/index.php; or (9) username field in the config-banning module to admin/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/",
"refsource": "CONFIRM",
"url": "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/"
},
{
"name": "72738",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72738"
},
{
"name": "[oss-security] 20150221 CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/629"
},
{
"name": "http://sroesemann.blogspot.de/2015/02/sroeadv-2015-15.html",
"refsource": "MISC",
"url": "http://sroesemann.blogspot.de/2015/02/sroeadv-2015-15.html"
},
{
"name": "20150221 Multiple stored XSS-vulnerabilities in MyBB v. 1.8.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Feb/80"
},
{
"name": "1031953",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031953"
},
{
"name": "[oss-security] 20150227 Re: CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/705"
}
]
}
}

150
2015/6xxx/CVE-2015-6030.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6030",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-6030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416"
},
{
"name" : "VU#842252",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/842252"
},
{
"name" : "1034072",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034072"
},
{
"name" : "1034073",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034073"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034073",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034073"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416"
},
{
"name": "1034072",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034072"
},
{
"name": "VU#842252",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/842252"
}
]
}
}

140
2015/6xxx/CVE-2015-6512.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37592",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37592/"
},
{
"name" : "http://packetstormsecurity.com/files/132673/FreiChat-9.6-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132673/FreiChat-9.6-SQL-Injection.html"
},
{
"name" : "http://security.szurek.pl/freichat-96-sql-injection.html",
"refsource" : "MISC",
"url" : "http://security.szurek.pl/freichat-96-sql-injection.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132673/FreiChat-9.6-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132673/FreiChat-9.6-SQL-Injection.html"
},
{
"name": "37592",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37592/"
},
{
"name": "http://security.szurek.pl/freichat-96-sql-injection.html",
"refsource": "MISC",
"url": "http://security.szurek.pl/freichat-96-sql-injection.html"
}
]
}
}

130
2015/6xxx/CVE-2015-6671.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6671",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/edx/edx-platform/pull/9471",
"refsource" : "CONFIRM",
"url" : "https://github.com/edx/edx-platform/pull/9471"
},
{
"name" : "https://open.edx.org/CVE-2015-6671",
"refsource" : "CONFIRM",
"url" : "https://open.edx.org/CVE-2015-6671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/edx/edx-platform/pull/9471",
"refsource": "CONFIRM",
"url": "https://github.com/edx/edx-platform/pull/9471"
},
{
"name": "https://open.edx.org/CVE-2015-6671",
"refsource": "CONFIRM",
"url": "https://open.edx.org/CVE-2015-6671"
}
]
}
}

140
2016/0xxx/CVE-2016-0158.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0158",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka \"Microsoft Edge Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0161."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-233",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-233"
},
{
"name" : "MS16-038",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-038"
},
{
"name" : "1035522",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035522"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka \"Microsoft Edge Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0161."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-233",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-233"
},
{
"name": "1035522",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035522"
},
{
"name": "MS16-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-038"
}
]
}
}

130
2016/0xxx/CVE-2016-0929.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"ID" : "CVE-2016-0929",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that contains credentials from a command line."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pivotal.io/security/cve-2016-0929",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2016-0929"
},
{
"name" : "91801",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91801"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that contains credentials from a command line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-0929",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-0929"
},
{
"name": "91801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91801"
}
]
}
}

142
2016/10xxx/CVE-2016-10234.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-04-03T00:00:00",
"ID" : "CVE-2016-10234",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android kernel"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-04-03T00:00:00",
"ID": "CVE-2016-10234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name" : "97365",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97365"
},
{
"name" : "1038201",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038201"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97365"
},
{
"name": "https://source.android.com/security/bulletin/2017-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}
}

130
2016/10xxx/CVE-2016-10509.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/opencart/opencart/commit/b95044da6ac608e7239f7949ff21d3b65be68f82",
"refsource" : "CONFIRM",
"url" : "https://github.com/opencart/opencart/commit/b95044da6ac608e7239f7949ff21d3b65be68f82"
},
{
"name" : "https://github.com/opencart/opencart/issues/4114",
"refsource" : "CONFIRM",
"url" : "https://github.com/opencart/opencart/issues/4114"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/opencart/opencart/issues/4114",
"refsource": "CONFIRM",
"url": "https://github.com/opencart/opencart/issues/4114"
},
{
"name": "https://github.com/opencart/opencart/commit/b95044da6ac608e7239f7949ff21d3b65be68f82",
"refsource": "CONFIRM",
"url": "https://github.com/opencart/opencart/commit/b95044da6ac608e7239f7949ff21d3b65be68f82"
}
]
}
}

132
2016/10xxx/CVE-2016-10553.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10553",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "sequelize node module",
"version" : {
"version_data" : [
{
"version_value" : "<= 2.1.3"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection (CWE-89)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sequelize node module",
"version": {
"version_data": [
{
"version_value": "<= 2.1.3"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/sequelize/sequelize/blob/master/changelog.md#300",
"refsource" : "MISC",
"url" : "https://github.com/sequelize/sequelize/blob/master/changelog.md#300"
},
{
"name" : "https://nodesecurity.io/advisories/109",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/109"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection (CWE-89)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/109",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/109"
},
{
"name": "https://github.com/sequelize/sequelize/blob/master/changelog.md#300",
"refsource": "MISC",
"url": "https://github.com/sequelize/sequelize/blob/master/changelog.md#300"
}
]
}
}

34
2016/4xxx/CVE-2016-4013.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4013",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4013",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2016/4xxx/CVE-2016-4031.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4031",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004",
"refsource" : "MISC",
"url" : "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004"
},
{
"name" : "97703",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97703"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004",
"refsource": "MISC",
"url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004"
},
{
"name": "97703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97703"
}
]
}
}

150
2016/4xxx/CVE-2016-4055.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a \"regular expression Denial of Service (ReDoS).\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160420 various vulnerabilities in Node.js packages",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/04/20/11"
},
{
"name" : "https://nodesecurity.io/advisories/55",
"refsource" : "CONFIRM",
"url" : "https://nodesecurity.io/advisories/55"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "95849",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95849"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a \"regular expression Denial of Service (ReDoS).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "https://nodesecurity.io/advisories/55",
"refsource": "CONFIRM",
"url": "https://nodesecurity.io/advisories/55"
},
{
"name": "[oss-security] 20160420 various vulnerabilities in Node.js packages",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/11"
},
{
"name": "95849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95849"
}
]
}
}

140
2016/4xxx/CVE-2016-4304.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-4304",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Internet Security",
"version" : {
"version_data" : [
{
"version_value" : "16.0.0, KLIF driver version 10.0.0.1532"
}
]
}
}
]
},
"vendor_name" : "Kaspersky"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-4304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Security",
"version": {
"version_data": [
{
"version_value": "16.0.0, KLIF driver version 10.0.0.1532"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.talosintelligence.com/reports/TALOS-2016-0166/",
"refsource" : "MISC",
"url" : "http://www.talosintelligence.com/reports/TALOS-2016-0166/"
},
{
"name" : "1036702",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036702"
},
{
"name" : "1036703",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036703"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036702",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036702"
},
{
"name": "1036703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036703"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0166/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0166/"
}
]
}
}

150
2016/4xxx/CVE-2016-4473.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4473",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1347772",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1347772"
},
{
"name" : "RHSA-2016:2750",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name" : "SUSE-SU-2016:2460",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00007.html"
},
{
"name" : "98999",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98999"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:2460",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00007.html"
},
{
"name": "RHSA-2016:2750",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "98999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98999"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1347772",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347772"
}
]
}
}

180
2016/4xxx/CVE-2016-4657.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-4657",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-4657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44836",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44836/"
},
{
"name" : "https://blog.lookout.com/blog/2016/08/25/trident-pegasus/",
"refsource" : "MISC",
"url" : "https://blog.lookout.com/blog/2016/08/25/trident-pegasus/"
},
{
"name" : "https://www.youtube.com/watch?v=xkdPjbaLngE",
"refsource" : "MISC",
"url" : "https://www.youtube.com/watch?v=xkdPjbaLngE"
},
{
"name" : "https://support.apple.com/HT207107",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207107"
},
{
"name" : "APPLE-SA-2016-08-25-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Aug/msg00000.html"
},
{
"name" : "92653",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92653"
},
{
"name" : "1036694",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036694"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.lookout.com/blog/2016/08/25/trident-pegasus/",
"refsource": "MISC",
"url": "https://blog.lookout.com/blog/2016/08/25/trident-pegasus/"
},
{
"name": "https://www.youtube.com/watch?v=xkdPjbaLngE",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=xkdPjbaLngE"
},
{
"name": "44836",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44836/"
},
{
"name": "92653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92653"
},
{
"name": "https://support.apple.com/HT207107",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207107"
},
{
"name": "APPLE-SA-2016-08-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Aug/msg00000.html"
},
{
"name": "1036694",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036694"
}
]
}
}

180
2016/4xxx/CVE-2016-4688.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-4688",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the \"FontParser\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted font."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-4688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207269",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207269"
},
{
"name" : "https://support.apple.com/HT207270",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207270"
},
{
"name" : "https://support.apple.com/HT207271",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207271"
},
{
"name" : "https://support.apple.com/HT207275",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207275"
},
{
"name" : "https://support.apple.com/HT207487",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207487"
},
{
"name" : "94572",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94572"
},
{
"name" : "1037469",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the \"FontParser\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted font."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207271",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207271"
},
{
"name": "94572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94572"
},
{
"name": "https://support.apple.com/HT207487",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207487"
},
{
"name": "https://support.apple.com/HT207269",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207269"
},
{
"name": "https://support.apple.com/HT207270",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207270"
},
{
"name": "https://support.apple.com/HT207275",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207275"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
}
]
}
}

200
2016/8xxx/CVE-2016-8910.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161024 CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/24/2"
},
{
"name" : "[oss-security] 20161024 Re: CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/24/5"
},
{
"name" : "[qemu-devel] 20161024 [PATCH] net: rtl8139: limit processing of ring descript",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html"
},
{
"name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name" : "GLSA-201611-11",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-11"
},
{
"name" : "RHSA-2017:2392",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name" : "RHSA-2017:2408",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name" : "openSUSE-SU-2016:3237",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name" : "93844",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93844"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201611-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161024 Re: CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/5"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "openSUSE-SU-2016:3237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "93844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93844"
},
{
"name": "[qemu-devel] 20161024 [PATCH] net: rtl8139: limit processing of ring descript",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html"
},
{
"name": "[oss-security] 20161024 CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/2"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
]
}
}

140
2016/9xxx/CVE-2016-9562.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9562",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://erpscan.io/advisories/erpscan-16-033-sap-netweaver-java-icman-dos-vulnerability/",
"refsource" : "MISC",
"url" : "https://erpscan.io/advisories/erpscan-16-033-sap-netweaver-java-icman-dos-vulnerability/"
},
{
"name" : "92418",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92418"
},
{
"name" : "95363",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95363"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92418",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92418"
},
{
"name": "https://erpscan.io/advisories/erpscan-16-033-sap-netweaver-java-icman-dos-vulnerability/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-16-033-sap-netweaver-java-icman-dos-vulnerability/"
},
{
"name": "95363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95363"
}
]
}
}

34
2016/9xxx/CVE-2016-9620.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9620",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9620",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/9xxx/CVE-2016-9945.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9945",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9945",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2250.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2250",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2250",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2019/2xxx/CVE-2019-2413.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2413",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Valid Session). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "46187",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/46187/"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106603",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106603"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Valid Session). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106603"
},
{
"name": "46187",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46187/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
}
]
}
}

34
2019/2xxx/CVE-2019-2515.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2515",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2515",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2818.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2818",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2818",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/3xxx/CVE-2019-3065.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3065",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3065",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/3xxx/CVE-2019-3152.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3152",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3152",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/3xxx/CVE-2019-3311.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3311",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3311",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/3xxx/CVE-2019-3861.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3861",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3861",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6196.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6196",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6196",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2019/6xxx/CVE-2019-6220.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2019-6220",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "macOS",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "macOS Mojave 10.14.3"
}
]
}
}
]
},
"vendor_name" : "Apple"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.3. An application may be able to read restricted memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "An application may be able to read restricted memory"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-6220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "macOS Mojave 10.14.3"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT209446",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT209446"
},
{
"name" : "106693",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106693"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.3. An application may be able to read restricted memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to read restricted memory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209446",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209446"
},
{
"name": "106693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106693"
}
]
}
}

34
2019/6xxx/CVE-2019-6280.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6280",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6280",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6617.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6617",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6617",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6822.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6822",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6822",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/7xxx/CVE-2019-7091.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7091",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7091",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/7xxx/CVE-2019-7105.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7105",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7105",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/7xxx/CVE-2019-7461.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7461",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7461",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/7xxx/CVE-2019-7878.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7878",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7878",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/8xxx/CVE-2019-8491.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8491",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8491",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/8xxx/CVE-2019-8817.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8817",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8817",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/8xxx/CVE-2019-8946.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8946",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8946",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}