admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:13:21 +00:00
parent 9355bbdff2
commit fc20099cb0
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 3468 additions and 3468 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2007/0xxx/CVE-2007-0454.json
View File

@ -1,176 +1,176 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0454",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-0454",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping."
"lang": "eng",
"value": "Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070205 [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/459179/100/0/threaded"
"name": "VU#649732",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/649732"
},
{
"name" : "20070207 rPSA-2007-0026-1 samba samba-swat",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/459365/100/0/threaded"
"name": "24046",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24046"
},
{
"name" : "http://us1.samba.org/samba/security/CVE-2007-0454.html",
"refsource" : "CONFIRM",
"url" : "http://us1.samba.org/samba/security/CVE-2007-0454.html"
"name": "24101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24101"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1005",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1005"
"name": "20070207 rPSA-2007-0026-1 samba samba-swat",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459365/100/0/threaded"
},
{
"name" : "DSA-1257",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1257"
"name": "GLSA-200702-01",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml"
},
{
"name" : "GLSA-200702-01",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml"
"name": "OpenPKG-SA-2007.012",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html"
},
{
"name" : "MDKSA-2007:034",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:034"
"name": "1017588",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017588"
},
{
"name" : "OpenPKG-SA-2007.012",
"refsource" : "OPENPKG",
"url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html"
"name": "24151",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24151"
},
{
"name" : "SSA:2007-038-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916"
"name": "ADV-2007-0483",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0483"
},
{
"name" : "2007-0007",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2007/0007"
"name": "24021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24021"
},
{
"name" : "USN-419-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-419-1"
"name": "https://issues.rpath.com/browse/RPL-1005",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1005"
},
{
"name" : "VU#649732",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/649732"
"name": "http://us1.samba.org/samba/security/CVE-2007-0454.html",
"refsource": "CONFIRM",
"url": "http://us1.samba.org/samba/security/CVE-2007-0454.html"
},
{
"name" : "22403",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22403"
"name": "24067",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24067"
},
{
"name" : "ADV-2007-0483",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0483"
"name": "33101",
"refsource": "OSVDB",
"url": "http://osvdb.org/33101"
},
{
"name" : "33101",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33101"
"name": "24145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24145"
},
{
"name" : "1017588",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017588"
"name": "24060",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24060"
},
{
"name" : "24021",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24021"
"name": "MDKSA-2007:034",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:034"
},
{
"name" : "24060",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24060"
"name": "20070205 [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459179/100/0/threaded"
},
{
"name" : "24067",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24067"
"name": "2007-0007",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0007"
},
{
"name" : "24101",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24101"
"name": "USN-419-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-419-1"
},
{
"name" : "24046",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24046"
"name": "samba-afsacl-format-string(32304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32304"
},
{
"name" : "24151",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24151"
"name": "22403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22403"
},
{
"name" : "24145",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24145"
"name": "SSA:2007-038-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916"
},
{
"name" : "samba-afsacl-format-string(32304)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32304"
"name": "DSA-1257",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1257"
}
]
}

74
2007/0xxx/CVE-2007-0535.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0535",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0535",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
"lang": "eng",
"value": "Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "ADV-2007-0300",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0300"
"name": "ADV-2007-0300",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0300"
},
{
"name" : "31606",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/31606"
"name": "31606",
"refsource": "OSVDB",
"url": "http://osvdb.org/31606"
},
{
"name" : "23834",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23834"
"name": "23834",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23834"
}
]
}

104
2007/0xxx/CVE-2007-0668.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0668",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0668",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service."
"lang": "eng",
"value": "The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "102699",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102699-1"
"name": "oval:org.mitre.oval:def:1372",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1372"
},
{
"name" : "22364",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22364"
"name": "22364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22364"
},
{
"name" : "ADV-2007-0462",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0462"
"name": "solaris-loopbackfs-dos(32140)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32140"
},
{
"name" : "31879",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/31879"
"name": "ADV-2007-0462",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0462"
},
{
"name" : "oval:org.mitre.oval:def:1372",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1372"
"name": "102699",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102699-1"
},
{
"name" : "1017582",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017582"
"name": "31879",
"refsource": "OSVDB",
"url": "http://osvdb.org/31879"
},
{
"name" : "23996",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23996"
"name": "23996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23996"
},
{
"name" : "solaris-loopbackfs-dos(32140)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32140"
"name": "1017582",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017582"
}
]
}

92
2007/0xxx/CVE-2007-0822.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0822",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0822",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents."
"lang": "eng",
"value": "umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070201 umount crash and xterm (kind of) information leak!",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0012.html"
"name": "33652",
"refsource": "OSVDB",
"url": "http://osvdb.org/33652"
},
{
"name" : "http://gotfault.wordpress.com/2007/01/18/umount-bug/",
"refsource" : "MISC",
"url" : "http://gotfault.wordpress.com/2007/01/18/umount-bug/"
"name": "MDKSA-2007:053",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:053"
},
{
"name" : "MDKSA-2007:053",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:053"
"name": "20070201 umount crash and xterm (kind of) information leak!",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0012.html"
},
{
"name" : "22850",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22850"
"name": "http://gotfault.wordpress.com/2007/01/18/umount-bug/",
"refsource": "MISC",
"url": "http://gotfault.wordpress.com/2007/01/18/umount-bug/"
},
{
"name" : "33652",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33652"
"name": "22850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22850"
},
{
"name" : "1017729",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017729"
"name": "1017729",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017729"
}
]
}

98
2007/3xxx/CVE-2007-3001.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3001",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3001",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070530 PHP JackKnife [multiple vulnerabilities]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/470111/100/0/threaded"
"name": "38878",
"refsource": "OSVDB",
"url": "http://osvdb.org/38878"
},
{
"name" : "24253",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24253"
"name": "phpjk-indexgdisplayauthenticate-xss(34643)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34643"
},
{
"name" : "38877",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38877"
"name": "24253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24253"
},
{
"name" : "38878",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38878"
"name": "2768",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2768"
},
{
"name" : "38879",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38879"
"name": "38877",
"refsource": "OSVDB",
"url": "http://osvdb.org/38877"
},
{
"name" : "2768",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2768"
"name": "38879",
"refsource": "OSVDB",
"url": "http://osvdb.org/38879"
},
{
"name" : "phpjk-indexgdisplayauthenticate-xss(34643)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34643"
"name": "20070530 PHP JackKnife [multiple vulnerabilities]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470111/100/0/threaded"
}
]
}

80
2007/3xxx/CVE-2007-3660.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3660",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3660",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows remote attackers to overwrite arbitrary files via an argument to the SaveBarcode function."
"lang": "eng",
"value": "The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows remote attackers to overwrite arbitrary files via an argument to the SaveBarcode function."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070707 [Eleytt] 7LIPIEC2007",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/473187"
"name": "42022",
"refsource": "OSVDB",
"url": "http://osvdb.org/42022"
},
{
"name" : "http://www.eleytt.com/advisories/eleytt_NONNOIASPBARCODE.pdf",
"refsource" : "MISC",
"url" : "http://www.eleytt.com/advisories/eleytt_NONNOIASPBARCODE.pdf"
"name": "24822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24822"
},
{
"name" : "24822",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24822"
"name": "20070707 [Eleytt] 7LIPIEC2007",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473187"
},
{
"name" : "42022",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/42022"
"name": "http://www.eleytt.com/advisories/eleytt_NONNOIASPBARCODE.pdf",
"refsource": "MISC",
"url": "http://www.eleytt.com/advisories/eleytt_NONNOIASPBARCODE.pdf"
}
]
}

104
2007/3xxx/CVE-2007-3700.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3700",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3700",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth."
"lang": "eng",
"value": "Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "101918",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101918-1"
"name": "24859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24859"
},
{
"name" : "200386",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200386-1"
"name": "ADV-2007-2496",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2496"
},
{
"name" : "24859",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24859"
"name": "26030",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26030"
},
{
"name" : "ADV-2007-2496",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2496"
"name": "37249",
"refsource": "OSVDB",
"url": "http://osvdb.org/37249"
},
{
"name" : "37249",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37249"
"name": "1018370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018370"
},
{
"name" : "1018370",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018370"
"name": "101918",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101918-1"
},
{
"name" : "26030",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26030"
"name": "200386",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200386-1"
},
{
"name" : "sun-jsam-message-information-disclosure(35339)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35339"
"name": "sun-jsam-message-information-disclosure(35339)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35339"
}
]
}

92
2007/3xxx/CVE-2007-3883.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3883",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3883",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method."
"lang": "eng",
"value": "The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "4190",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4190"
"name": "24959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24959"
},
{
"name" : "5395",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5395"
"name": "5395",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5395"
},
{
"name" : "24959",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24959"
"name": "datadynamics-actbar3-file-overwrite(35471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35471"
},
{
"name" : "37692",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37692"
"name": "37692",
"refsource": "OSVDB",
"url": "http://osvdb.org/37692"
},
{
"name" : "26098",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26098"
"name": "4190",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4190"
},
{
"name" : "datadynamics-actbar3-file-overwrite(35471)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35471"
"name": "26098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26098"
}
]
}

104
2007/3xxx/CVE-2007-3974.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3974",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3974",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters."
"lang": "eng",
"value": "admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070720 JBlog 1.0 Creat Admin exploit, xss, Cookie Manipulation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/474320/100/0/threaded"
"name": "2919",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2919"
},
{
"name" : "4211",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4211"
"name": "26165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26165"
},
{
"name" : "24991",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24991"
"name": "jblog-ajoutaut-authentication-bypass(35550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35550"
},
{
"name" : "ADV-2007-2611",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2611"
"name": "20070720 JBlog 1.0 Creat Admin exploit, xss, Cookie Manipulation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474320/100/0/threaded"
},
{
"name" : "38561",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38561"
"name": "24991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24991"
},
{
"name" : "26165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26165"
"name": "4211",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4211"
},
{
"name" : "2919",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2919"
"name": "ADV-2007-2611",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2611"
},
{
"name" : "jblog-ajoutaut-authentication-bypass(35550)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35550"
"name": "38561",
"refsource": "OSVDB",
"url": "http://osvdb.org/38561"
}
]
}

68
2007/4xxx/CVE-2007-4043.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4043",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4043",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a \"%00.gif\" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files."
"lang": "eng",
"value": "file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a \"%00.gif\" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070720 Secure Computing - Security Reporter Auth Bypass and Directory Traversal Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=118522960430476&w=2"
"name": "http://www.oliverkarow.de/research/securityreporter.txt",
"refsource": "MISC",
"url": "http://www.oliverkarow.de/research/securityreporter.txt"
},
{
"name" : "http://www.oliverkarow.de/research/securityreporter.txt",
"refsource" : "MISC",
"url" : "http://www.oliverkarow.de/research/securityreporter.txt"
"name": "20070720 Secure Computing - Security Reporter Auth Bypass and Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=118522960430476&w=2"
}
]
}

80
2007/4xxx/CVE-2007-4146.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4146",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4146",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent 2.61 through 4.03 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent 2.61 through 4.03 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/25148.html",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/25148.html"
"name": "28389",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28389"
},
{
"name" : "25148",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25148"
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/25148.html",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/25148.html"
},
{
"name" : "40156",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40156"
"name": "40156",
"refsource": "OSVDB",
"url": "http://osvdb.org/40156"
},
{
"name" : "28389",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28389"
"name": "25148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25148"
}
]
}

86
2007/4xxx/CVE-2007-4206.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4206",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4206",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets incorrect permissions for application files in certain upgrade scenarios, which might allow local users to gain privileges."
"lang": "eng",
"value": "Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets incorrect permissions for application files in certain upgrade scenarios, which might allow local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.kaspersky.com/technews?id=203038705",
"refsource" : "CONFIRM",
"url" : "http://www.kaspersky.com/technews?id=203038705"
"name": "25189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25189"
},
{
"name" : "25189",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25189"
"name": "http://www.kaspersky.com/technews?id=203038705",
"refsource": "CONFIRM",
"url": "http://www.kaspersky.com/technews?id=203038705"
},
{
"name" : "37216",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37216"
"name": "26312",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26312"
},
{
"name" : "26312",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26312"
"name": "kaspersky-antispam-insecure-permissions(35782)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35782"
},
{
"name" : "kaspersky-antispam-insecure-permissions(35782)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35782"
"name": "37216",
"refsource": "OSVDB",
"url": "http://osvdb.org/37216"
}
]
}

98
2007/4xxx/CVE-2007-4244.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4244",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4244",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter."
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070803 Joomla J! Reactions Component Remote File include Bug",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/475544/100/0/threaded"
"name": "2984",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2984"
},
{
"name" : "20070818 Re: Joomla J! Reactions Component Remote File include Bug",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/477144/100/0/threaded"
"name": "25198",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25198"
},
{
"name" : "20070820 Re: Re: Joomla J! Reactions Component Remote File include Bug",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/477245/100/0/threaded"
"name": "http://yollubunlar.org/joomla-j-reactions-component-rfi-75.html",
"refsource": "MISC",
"url": "http://yollubunlar.org/joomla-j-reactions-component-rfi-75.html"
},
{
"name" : "http://yollubunlar.org/joomla-j-reactions-component-rfi-75.html",
"refsource" : "MISC",
"url" : "http://yollubunlar.org/joomla-j-reactions-component-rfi-75.html"
"name": "20070820 Re: Re: Joomla J! Reactions Component Remote File include Bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477245/100/0/threaded"
},
{
"name" : "25198",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25198"
"name": "20070818 Re: Joomla J! Reactions Component Remote File include Bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477144/100/0/threaded"
},
{
"name" : "2984",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2984"
"name": "20070803 Joomla J! Reactions Component Remote File include Bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475544/100/0/threaded"
},
{
"name" : "jreactions-langset-file-include(35808)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35808"
"name": "jreactions-langset-file-include(35808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35808"
}
]
}

86
2007/4xxx/CVE-2007-4365.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4365",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4365",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070813 eXV2.de Browser Cookie is not properly sanitised",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/476287/100/0/threaded"
"name": "exv2-setlang-xss(35992)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35992"
},
{
"name" : "http://www.i-s-o.org/security.txt",
"refsource" : "MISC",
"url" : "http://www.i-s-o.org/security.txt"
"name": "36479",
"refsource": "OSVDB",
"url": "http://osvdb.org/36479"
},
{
"name" : "36479",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36479"
"name": "20070813 eXV2.de Browser Cookie is not properly sanitised",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476287/100/0/threaded"
},
{
"name" : "3021",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3021"
"name": "http://www.i-s-o.org/security.txt",
"refsource": "MISC",
"url": "http://www.i-s-o.org/security.txt"
},
{
"name" : "exv2-setlang-xss(35992)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35992"
"name": "3021",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3021"
}
]
}

110
2007/6xxx/CVE-2007-6355.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6355",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6355",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer overflow in exiftags before 1.01 has unknown impact and attack vectors, resulting from a \"field offset overflow\" that triggers an \"illegal memory access,\" a different vulnerability than CVE-2007-6354."
"lang": "eng",
"value": "Integer overflow in exiftags before 1.01 has unknown impact and attack vectors, resulting from a \"field offset overflow\" that triggers an \"illegal memory access,\" a different vulnerability than CVE-2007-6354."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=202354",
"refsource" : "MISC",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=202354"
"name": "29580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29580"
},
{
"name" : "http://johnst.org/sw/exiftags/CHANGES",
"refsource" : "CONFIRM",
"url" : "http://johnst.org/sw/exiftags/CHANGES"
"name": "http://bugs.gentoo.org/show_bug.cgi?id=202354",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=202354"
},
{
"name" : "DSA-1533",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1533"
"name": "28110",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28110"
},
{
"name" : "GLSA-200712-17",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200712-17.xml"
"name": "DSA-1533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1533"
},
{
"name" : "26892",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26892"
"name": "28268",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28268"
},
{
"name" : "ADV-2007-4251",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4251"
"name": "GLSA-200712-17",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200712-17.xml"
},
{
"name" : "28110",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28110"
"name": "ADV-2007-4251",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4251"
},
{
"name" : "28268",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28268"
"name": "http://johnst.org/sw/exiftags/CHANGES",
"refsource": "CONFIRM",
"url": "http://johnst.org/sw/exiftags/CHANGES"
},
{
"name" : "29580",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29580"
"name": "26892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26892"
}
]
}

80
2010/5xxx/CVE-2010-5050.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5050",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5050",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "40355",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40355"
"name": "64857",
"refsource": "OSVDB",
"url": "http://osvdb.org/64857"
},
{
"name" : "64857",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64857"
"name": "40355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40355"
},
{
"name" : "39901",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39901"
"name": "39901",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39901"
},
{
"name" : "admanager-remoteshare-xss(58860)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58860"
"name": "admanager-remoteshare-xss(58860)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58860"
}
]
}

68
2014/100xxx/CVE-2014-100009.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-100009",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-100009",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to obtain the installation path via a request to (1) functions.php, (2) myCalendar.php, (3) refreshDate.php, (4) show_image.php, (5) widget.php, (6) phpthumb/GdThumb.inc.php, or (7) phpthumb/thumb_plugins/gd_reflection.inc.php in includes/."
"lang": "eng",
"value": "The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to obtain the installation path via a request to (1) functions.php, (2) myCalendar.php, (3) refreshDate.php, (4) show_image.php, (5) widget.php, (6) phpthumb/GdThumb.inc.php, or (7) phpthumb/thumb_plugins/gd_reflection.inc.php in includes/."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://packetstormsecurity.com/files/125959",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/125959"
"name": "http://packetstormsecurity.com/files/125959",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125959"
},
{
"name" : "http://websecurity.com.ua/7087/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/7087/"
"name": "http://websecurity.com.ua/7087/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/7087/"
}
]
}

134
2014/5xxx/CVE-2014-5353.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5353",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5353",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy."
"lang": "eng",
"value": "The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html"
"name": "RHSA-2015:0794",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0794.html"
},
{
"name" : "https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3",
"refsource" : "CONFIRM",
"url" : "https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3"
"name": "[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0536.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0536.html"
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226"
"name": "FEDORA-2015-5949",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
"name": "MDVSA-2015:009",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:009"
},
{
"name" : "FEDORA-2015-5949",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html"
"name": "openSUSE-SU-2015:0542",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html"
},
{
"name" : "MDVSA-2015:009",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:009"
"name": "1031376",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031376"
},
{
"name" : "RHSA-2015:0439",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0439.html"
"name": "RHSA-2015:0439",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"
},
{
"name" : "RHSA-2015:0794",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0794.html"
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "openSUSE-SU-2015:0542",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html"
"name": "https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3"
},
{
"name" : "USN-2498-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2498-1"
"name": "USN-2498-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2498-1"
},
{
"name" : "71679",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71679"
"name": "71679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71679"
},
{
"name" : "1031376",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031376"
"name": "http://advisories.mageia.org/MGASA-2014-0536.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0536.html"
}
]
}

74
2014/5xxx/CVE-2014-5652.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5652",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5652",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Kicksend Photo Prints (aka com.kicksend.android.print) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Kicksend Photo Prints (aka com.kicksend.android.print) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#884689",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/884689"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#884689",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/884689"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

74
2014/5xxx/CVE-2014-5688.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5688",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5688",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Runtastic Pedometer (aka com.runtastic.android.pedometer.lite) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Runtastic Pedometer (aka com.runtastic.android.pedometer.lite) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#941801",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/941801"
"name": "VU#941801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/941801"
}
]
}

62
2015/2xxx/CVE-2015-2007.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2007",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-2007",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL."
"lang": "eng",
"value": "Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21967647",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21967647"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21967647",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967647"
}
]
}

22
2015/2xxx/CVE-2015-2437.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2437",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-2437",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}

80
2015/2xxx/CVE-2015-2720.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2720",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-2720",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain privileges via a Trojan horse file."
"lang": "eng",
"value": "The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain privileges via a Trojan horse file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-58.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-58.html"
"name": "74611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74611"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1127481",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1127481"
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-58.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-58.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1127481",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1127481"
},
{
"name" : "74611",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74611"
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
}
]
}

74
2015/6xxx/CVE-2015-6149.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6149",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-6149",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-6147."
"lang": "eng",
"value": "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-6147."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-589",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-589"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-589",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-589"
},
{
"name" : "MS15-124",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124"
"name": "1034315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034315"
},
{
"name" : "1034315",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034315"
"name": "MS15-124",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124"
}
]
}

68
2015/6xxx/CVE-2015-6177.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6177",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-6177",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS15-131",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
"name": "MS15-131",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131"
},
{
"name" : "1034324",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034324"
"name": "1034324",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034324"
}
]
}

62
2015/6xxx/CVE-2015-6370.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6370",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6370",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578."
"lang": "eng",
"value": "The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20151117 Cisco Firepower 9000 Command Injection at Management I/O Command-Line Interface Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fire1"
"name": "20151117 Cisco Firepower 9000 Command Injection at Management I/O Command-Line Interface Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fire1"
}
]
}

22
2015/6xxx/CVE-2015-6804.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6804",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6804",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2015/6xxx/CVE-2015-6964.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6964",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6964",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2016/1000xxx/CVE-2016-1000307.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1000307",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000307",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to ProfileSettings page; (2) note parameter to PersonalNotes Section; (3) closed_msg, description, allowed_types parameters to WebsiteConfigurations Section. NOTE: the collection_description vector is already covered by CVE-2015-4673."
"lang": "eng",
"value": "Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to ProfileSettings page; (2) note parameter to PersonalNotes Section; (3) closed_msg, description, allowed_types parameters to WebsiteConfigurations Section. NOTE: the collection_description vector is already covered by CVE-2015-4673."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/distributedweaknessfiling/DWF-Database-Artifacts/blob/master/DWF/2016/1000307/CVE-2016-1000307.json",
"refsource" : "MISC",
"url" : "https://github.com/distributedweaknessfiling/DWF-Database-Artifacts/blob/master/DWF/2016/1000307/CVE-2016-1000307.json"
"name": "https://github.com/distributedweaknessfiling/DWF-Database-Artifacts/blob/master/DWF/2016/1000307/CVE-2016-1000307.json",
"refsource": "MISC",
"url": "https://github.com/distributedweaknessfiling/DWF-Database-Artifacts/blob/master/DWF/2016/1000307/CVE-2016-1000307.json"
}
]
}

182
2016/10xxx/CVE-2016-10033.json
View File

@ -1,161 +1,161 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10033",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10033",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \\\" (backslash double quote) in a crafted Sender property."
"lang": "eng",
"value": "The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \\\" (backslash double quote) in a crafted Sender property."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20161227 PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/539963/100/0/threaded"
"name": "http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html"
},
{
"name" : "40968",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40968/"
"name": "https://www.drupal.org/psa-2016-004",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/psa-2016-004"
},
{
"name" : "40970",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40970/"
"name": "42221",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42221/"
},
{
"name" : "42221",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42221/"
"name": "40969",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40969/"
},
{
"name" : "42024",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42024/"
"name": "41962",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41962/"
},
{
"name" : "41962",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41962/"
"name": "40968",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40968/"
},
{
"name" : "41996",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41996/"
"name": "https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html",
"refsource": "MISC",
"url": "https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html"
},
{
"name" : "40969",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40969/"
"name": "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18",
"refsource": "CONFIRM",
"url": "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18"
},
{
"name" : "40974",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40974/"
"name": "20161227 PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539963/100/0/threaded"
},
{
"name" : "40986",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40986/"
"name": "https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities"
},
{
"name" : "20161227 PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033]",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Dec/78"
"name": "http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html"
},
{
"name" : "http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html"
"name": "40974",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40974/"
},
{
"name" : "https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html",
"refsource" : "MISC",
"url" : "https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html"
"name": "40986",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40986/"
},
{
"name" : "http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html"
"name": "40970",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40970/"
},
{
"name" : "http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection",
"refsource" : "MISC",
"url" : "http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection"
"name": "http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection"
},
{
"name" : "https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html",
"refsource" : "CONFIRM",
"url" : "https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html"
"name": "41996",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41996/"
},
{
"name" : "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18",
"refsource" : "CONFIRM",
"url" : "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18"
"name": "20161227 PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Dec/78"
},
{
"name" : "https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities",
"refsource" : "CONFIRM",
"url" : "https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities"
"name": "95108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95108"
},
{
"name" : "https://www.drupal.org/psa-2016-004",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/psa-2016-004"
"name": "1037533",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037533"
},
{
"name" : "95108",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95108"
"name": "https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html",
"refsource": "CONFIRM",
"url": "https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html"
},
{
"name" : "1037533",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037533"
"name": "42024",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42024/"
}
]
}

70
2016/10xxx/CVE-2016-10284.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-10284",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-10284",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "Kernel-3.10"
"version_value": "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402303. References: QC-CR#2000664."
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402303. References: QC-CR#2000664."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Elevation of privilege"
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2017-05-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-05-01"
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name" : "98162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98162"
"name": "98162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98162"
}
]
}

70
2016/10xxx/CVE-2016-10439.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2016-10439",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2016-10439",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Snapdragon Automobile, Snapdragon Mobile",
"version" : {
"version_data" : [
"product_name": "Snapdragon Automobile, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value" : "SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A"
"version_value": "SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, there is a TOCTOU vulnerability in the input validation for bulletin_board_read syscall. A pointer dereference is being validated without promising the pointer hasn't been changed by the HLOS program."
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, there is a TOCTOU vulnerability in the input validation for bulletin_board_read syscall. A pointer dereference is being validated without promising the pointer hasn't been changed by the HLOS program."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Time-of-check Time-of-use (TOCTOU) Race Condition in Core."
"lang": "eng",
"value": "Time-of-check Time-of-use (TOCTOU) Race Condition in Core."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}

64
2016/10xxx/CVE-2016-10625.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10625",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10625",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "headless-browser-lite node module",
"version" : {
"version_data" : [
"product_name": "headless-browser-lite node module",
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
"vendor_name": "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
"lang": "eng",
"value": "headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://nodesecurity.io/advisories/230",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/230"
"name": "https://nodesecurity.io/advisories/230",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/230"
}
]
}

64
2016/10xxx/CVE-2016-10630.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10630",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10630",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "install-g-test node module",
"version" : {
"version_data" : [
"product_name": "install-g-test node module",
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
"vendor_name": "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks."
"lang": "eng",
"value": "install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://nodesecurity.io/advisories/228",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/228"
"name": "https://nodesecurity.io/advisories/228",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/228"
}
]
}

74
2016/4xxx/CVE-2016-4170.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4170",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4170",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html"
"name": "1036563",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036563"
},
{
"name" : "92378",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92378"
"name": "92378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92378"
},
{
"name" : "1036563",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036563"
"name": "https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html"
}
]
}

22
2016/4xxx/CVE-2016-4413.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4413",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4413",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

218
2016/4xxx/CVE-2016-4913.json
View File

@ -1,191 +1,191 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4913",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-4913",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem."
"lang": "eng",
"value": "The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20160518 CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/18/3"
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name" : "[oss-security] 20160518 Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/18/5"
"name": "https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6"
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
"name": "USN-3017-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1337528",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1337528"
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name" : "https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6"
"name": "USN-3017-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
"name": "USN-3018-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
"name": "USN-3021-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name" : "DSA-3607",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3607"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1337528",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337528"
},
{
"name" : "RHSA-2018:3083",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3083"
"name": "USN-3017-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name" : "RHSA-2018:3096",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3096"
"name": "USN-3019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name" : "SUSE-SU-2016:1672",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name" : "SUSE-SU-2016:1985",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
"name": "USN-3016-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name" : "USN-3016-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3016-1"
"name": "USN-3016-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name" : "USN-3016-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3016-2"
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name" : "USN-3016-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3016-3"
"name": "USN-3021-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name" : "USN-3016-4",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3016-4"
"name": "[oss-security] 20160518 Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/5"
},
{
"name" : "USN-3017-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3017-1"
"name": "USN-3018-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name" : "USN-3017-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3017-2"
"name": "[oss-security] 20160518 CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/3"
},
{
"name" : "USN-3017-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3017-3"
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"name" : "USN-3018-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3018-1"
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name" : "USN-3018-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3018-2"
"name": "90730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90730"
},
{
"name" : "USN-3019-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3019-1"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6"
},
{
"name" : "USN-3020-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3020-1"
"name": "USN-3016-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name" : "USN-3021-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3021-1"
"name": "USN-3016-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name" : "USN-3021-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3021-2"
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name" : "90730",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90730"
"name": "USN-3020-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3020-1"
}
]
}

74
2016/9xxx/CVE-2016-9471.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2016-9471",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9471",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Revive Adserver All versions before 3.2.5 and 4.0.0",
"version" : {
"version_data" : [
"product_name": "Revive Adserver All versions before 3.2.5 and 4.0.0",
"version": {
"version_data": [
{
"version_value" : "Revive Adserver All versions before 3.2.5 and 4.0.0"
"version_value": "Revive Adserver All versions before 3.2.5 and 4.0.0"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver."
"lang": "eng",
"value": "Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)"
"lang": "eng",
"value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/revive-adserver/revive-adserver/commit/05b1eceb",
"refsource" : "MISC",
"url" : "https://github.com/revive-adserver/revive-adserver/commit/05b1eceb"
"name": "https://hackerone.com/reports/128181",
"refsource": "MISC",
"url": "https://hackerone.com/reports/128181"
},
{
"name" : "https://hackerone.com/reports/128181",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/128181"
"name": "https://github.com/revive-adserver/revive-adserver/commit/05b1eceb",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/05b1eceb"
},
{
"name" : "https://www.revive-adserver.com/security/revive-sa-2016-002/",
"refsource" : "MISC",
"url" : "https://www.revive-adserver.com/security/revive-sa-2016-002/"
"name": "https://www.revive-adserver.com/security/revive-sa-2016-002/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
}
]
}

68
2016/9xxx/CVE-2016-9584.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-9584",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9584",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file."
"lang": "eng",
"value": "libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20161215 CVE-2016-9584: heap use-after-free on libical",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/15/5"
"name": "[oss-security] 20161215 CVE-2016-9584: heap use-after-free on libical",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/5"
},
{
"name" : "94948",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94948"
"name": "94948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94948"
}
]
}

98
2016/9xxx/CVE-2016-9756.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9756",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9756",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application."
"lang": "eng",
"value": "arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20161201 CVE request: Kernel: kvm: stack memory information leakage",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/01/1"
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2117d5398c81554fbf803f5fd1dc55eb78216c0c",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2117d5398c81554fbf803f5fd1dc55eb78216c0c"
"name": "[oss-security] 20161201 CVE request: Kernel: kvm: stack memory information leakage",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/1"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2117d5398c81554fbf803f5fd1dc55eb78216c0c",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2117d5398c81554fbf803f5fd1dc55eb78216c0c"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1400468",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1400468"
"name": "94615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94615"
},
{
"name" : "https://github.com/torvalds/linux/commit/2117d5398c81554fbf803f5fd1dc55eb78216c0c",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/2117d5398c81554fbf803f5fd1dc55eb78216c0c"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1400468",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400468"
},
{
"name" : "openSUSE-SU-2017:0002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00000.html"
"name": "openSUSE-SU-2017:0002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00000.html"
},
{
"name" : "94615",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94615"
"name": "https://github.com/torvalds/linux/commit/2117d5398c81554fbf803f5fd1dc55eb78216c0c",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/2117d5398c81554fbf803f5fd1dc55eb78216c0c"
}
]
}

22
2019/2xxx/CVE-2019-2368.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2368",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2368",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/2xxx/CVE-2019-2623.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2623",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2623",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/2xxx/CVE-2019-2669.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2669",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2669",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/3xxx/CVE-2019-3081.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3081",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3081",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/3xxx/CVE-2019-3406.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3406",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3406",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/6xxx/CVE-2019-6107.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6107",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6107",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/6xxx/CVE-2019-6160.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6160",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6160",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/6xxx/CVE-2019-6343.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6343",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6343",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/6xxx/CVE-2019-6774.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6774",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6774",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/7xxx/CVE-2019-7012.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7012",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7012",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2019/7xxx/CVE-2019-7282.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7282",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7282",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685."
"lang": "eng",
"value": "In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugs.debian.org/920486",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/920486"
"name": "https://bugs.debian.org/920486",
"refsource": "MISC",
"url": "https://bugs.debian.org/920486"
},
{
"name" : "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"refsource" : "MISC",
"url" : "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
"name": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"refsource": "MISC",
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
}
]
}

22
2019/7xxx/CVE-2019-7508.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7508",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7508",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/7xxx/CVE-2019-7537.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7537",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7537",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/7xxx/CVE-2019-7598.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7598",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7598",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/8xxx/CVE-2019-8006.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8006",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8006",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/8xxx/CVE-2019-8046.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8046",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8046",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/8xxx/CVE-2019-8287.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8287",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8287",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2019/8xxx/CVE-2019-8471.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8471",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8471",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}