admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:21:48 +00:00
parent d959975959
commit ff3cf4db98
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3263 additions and 3263 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
1999/0xxx/CVE-1999-0633.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0633",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: \"The HTTP/WWW service is running.\""
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-1999-0633",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: \"The HTTP/WWW service is running.\""
}
]
}
}

180
2007/0xxx/CVE-2007-0118.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0118",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070105 Multiple bugs in EditTag",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/456055/100/0/threaded"
},
{
"name" : "21890",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21890"
},
{
"name" : "33393",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33393"
},
{
"name" : "33394",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33394"
},
{
"name" : "33395",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33395"
},
{
"name" : "33396",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33396"
},
{
"name" : "7950",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/7950"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070105 Multiple bugs in EditTag",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456055/100/0/threaded"
},
{
"name": "33395",
"refsource": "OSVDB",
"url": "http://osvdb.org/33395"
},
{
"name": "33394",
"refsource": "OSVDB",
"url": "http://osvdb.org/33394"
},
{
"name": "7950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/7950"
},
{
"name": "21890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21890"
},
{
"name": "33396",
"refsource": "OSVDB",
"url": "http://osvdb.org/33396"
},
{
"name": "33393",
"refsource": "OSVDB",
"url": "http://osvdb.org/33393"
}
]
}
}

160
2007/0xxx/CVE-2007-0501.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0501",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3171",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3171"
},
{
"name" : "22151",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22151"
},
{
"name" : "ADV-2007-0271",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0271"
},
{
"name" : "36810",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36810"
},
{
"name" : "mafiascum-index-file-include(31637)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31637"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0271",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0271"
},
{
"name": "3171",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3171"
},
{
"name": "36810",
"refsource": "OSVDB",
"url": "http://osvdb.org/36810"
},
{
"name": "mafiascum-index-file-include(31637)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31637"
},
{
"name": "22151",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22151"
}
]
}
}

300
2007/0xxx/CVE-2007-0882.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0882",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client \"-f\" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070213 Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/459980/100/0/threaded"
},
{
"name" : "20070212 Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/459855/100/0/threaded"
},
{
"name" : "20070212 Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/459831/100/0/threaded"
},
{
"name" : "20070212 Solaris telnet vulnberability - how many on your network?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/459843/100/0/threaded"
},
{
"name" : "20070214 Solaris telnet vuln solutions digest and network risks",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/460086/100/100/threaded"
},
{
"name" : "20070214 RE: [Full-disclosure] Solaris telnet vulnberability - how many onyour network?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/460103/100/100/threaded"
},
{
"name" : "20070211 \"0day was the case that they gave me\"",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2007/Feb/0217.html"
},
{
"name" : "http://isc.sans.org/diary.html?storyid=2220",
"refsource" : "MISC",
"url" : "http://isc.sans.org/diary.html?storyid=2220"
},
{
"name" : "http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html",
"refsource" : "MISC",
"url" : "http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html"
},
{
"name" : "102802",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1"
},
{
"name" : "TA07-059A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-059A.html"
},
{
"name" : "VU#881872",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/881872"
},
{
"name" : "22512",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22512"
},
{
"name" : "ADV-2007-0560",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0560"
},
{
"name" : "31881",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/31881"
},
{
"name" : "oval:org.mitre.oval:def:2202",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2202"
},
{
"name" : "1017625",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017625"
},
{
"name" : "24120",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24120"
},
{
"name" : "solaris-telnet-authentication-bypass(32434)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32434"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client \"-f\" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070212 Solaris telnet vulnberability - how many on your network?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459843/100/0/threaded"
},
{
"name": "ADV-2007-0560",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0560"
},
{
"name": "solaris-telnet-authentication-bypass(32434)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32434"
},
{
"name": "VU#881872",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/881872"
},
{
"name": "oval:org.mitre.oval:def:2202",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2202"
},
{
"name": "http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html",
"refsource": "MISC",
"url": "http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html"
},
{
"name": "20070214 Solaris telnet vuln solutions digest and network risks",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460086/100/100/threaded"
},
{
"name": "24120",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24120"
},
{
"name": "20070211 \"0day was the case that they gave me\"",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2007/Feb/0217.html"
},
{
"name": "1017625",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017625"
},
{
"name": "http://isc.sans.org/diary.html?storyid=2220",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.html?storyid=2220"
},
{
"name": "102802",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1"
},
{
"name": "31881",
"refsource": "OSVDB",
"url": "http://osvdb.org/31881"
},
{
"name": "22512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22512"
},
{
"name": "20070212 Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459831/100/0/threaded"
},
{
"name": "20070214 RE: [Full-disclosure] Solaris telnet vulnberability - how many onyour network?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460103/100/100/threaded"
},
{
"name": "20070213 Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459980/100/0/threaded"
},
{
"name": "TA07-059A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-059A.html"
},
{
"name": "20070212 Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459855/100/0/threaded"
}
]
}
}

150
2007/0xxx/CVE-2007-0922.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0922",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070212 Radical Technologies - Portal Search- multiple XSS issue",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/459794/100/0/threaded"
},
{
"name" : "22533",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22533"
},
{
"name" : "33714",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33714"
},
{
"name" : "2247",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2247"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33714",
"refsource": "OSVDB",
"url": "http://osvdb.org/33714"
},
{
"name": "20070212 Radical Technologies - Portal Search- multiple XSS issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459794/100/0/threaded"
},
{
"name": "2247",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2247"
},
{
"name": "22533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22533"
}
]
}
}

210
2007/1xxx/CVE-2007-1115.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1115",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/461076/100/0/threaded"
},
{
"name" : "http://www.hardened-php.net/advisory_032007.142.html",
"refsource" : "MISC",
"url" : "http://www.hardened-php.net/advisory_032007.142.html"
},
{
"name" : "http://www.opera.com/support/search/view/855/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/search/view/855/"
},
{
"name" : "SUSE-SA:2007:028",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_28_opera.html"
},
{
"name" : "22701",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22701"
},
{
"name" : "ADV-2007-0745",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0745"
},
{
"name" : "32118",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32118"
},
{
"name" : "1017909",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017909"
},
{
"name" : "24312",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24312"
},
{
"name" : "25027",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25027"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22701"
},
{
"name": "32118",
"refsource": "OSVDB",
"url": "http://osvdb.org/32118"
},
{
"name": "1017909",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017909"
},
{
"name": "24312",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24312"
},
{
"name": "ADV-2007-0745",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0745"
},
{
"name": "25027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25027"
},
{
"name": "http://www.opera.com/support/search/view/855/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/search/view/855/"
},
{
"name": "20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461076/100/0/threaded"
},
{
"name": "SUSE-SA:2007:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_28_opera.html"
},
{
"name": "http://www.hardened-php.net/advisory_032007.142.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_032007.142.html"
}
]
}
}

170
2007/1xxx/CVE-2007-1305.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1305",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070305 Sava's GuestBook Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/461910/100/0/threaded"
},
{
"name" : "http://belsec.com/advisories/142/summary.html",
"refsource" : "MISC",
"url" : "http://belsec.com/advisories/142/summary.html"
},
{
"name" : "22820",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22820"
},
{
"name" : "24411",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24411"
},
{
"name" : "2350",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2350"
},
{
"name" : "savasguestbook-add2-xss(32812)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32812"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22820"
},
{
"name": "savasguestbook-add2-xss(32812)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32812"
},
{
"name": "20070305 Sava's GuestBook Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461910/100/0/threaded"
},
{
"name": "24411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24411"
},
{
"name": "2350",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2350"
},
{
"name": "http://belsec.com/advisories/142/summary.html",
"refsource": "MISC",
"url": "http://belsec.com/advisories/142/summary.html"
}
]
}
}

200
2007/1xxx/CVE-2007-1345.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070309 [CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/462312/100/0/threaded"
},
{
"name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145",
"refsource" : "CONFIRM",
"url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145"
},
{
"name" : "22885",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22885"
},
{
"name" : "ADV-2007-0885",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0885"
},
{
"name" : "32722",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/32722"
},
{
"name" : "1017740",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017740"
},
{
"name" : "24441",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24441"
},
{
"name" : "2404",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2404"
},
{
"name" : "ca-etrust-admin-authentication-bypass(32887)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32887"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22885",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22885"
},
{
"name": "20070309 [CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462312/100/0/threaded"
},
{
"name": "ca-etrust-admin-authentication-bypass(32887)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32887"
},
{
"name": "1017740",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017740"
},
{
"name": "32722",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32722"
},
{
"name": "2404",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2404"
},
{
"name": "24441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24441"
},
{
"name": "ADV-2007-0885",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0885"
},
{
"name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145",
"refsource": "CONFIRM",
"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145"
}
]
}
}

180
2007/1xxx/CVE-2007-1917.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1917",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070404 CYBSEC Security Pre-Advisory: SAP SYSTEM_CREATE_INSTANCE RFC Function Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/464683/100/0/threaded"
},
{
"name" : "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf",
"refsource" : "MISC",
"url" : "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf"
},
{
"name" : "23307",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23307"
},
{
"name" : "ADV-2007-1270",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1270"
},
{
"name" : "24722",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24722"
},
{
"name" : "2536",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2536"
},
{
"name" : "sap-rfc-createinstance-bo(33416)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33416"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf"
},
{
"name": "20070404 CYBSEC Security Pre-Advisory: SAP SYSTEM_CREATE_INSTANCE RFC Function Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464683/100/0/threaded"
},
{
"name": "24722",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24722"
},
{
"name": "sap-rfc-createinstance-bo(33416)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33416"
},
{
"name": "ADV-2007-1270",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1270"
},
{
"name": "2536",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2536"
},
{
"name": "23307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23307"
}
]
}
}

34
2007/5xxx/CVE-2007-5205.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5205",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5205",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2007/5xxx/CVE-2007-5416.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5416",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to the default URI, as demonstrated by the _menu[callbacks][1][callback] parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Drupal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071010 Vulnerabilities digest",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"name" : "4510",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4510"
},
{
"name" : "http://securityvulns.ru/Sdocument137.html",
"refsource" : "MISC",
"url" : "http://securityvulns.ru/Sdocument137.html"
},
{
"name" : "3216",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3216"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to the default URI, as demonstrated by the _menu[callbacks][1][callback] parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Drupal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071010 Vulnerabilities digest",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"name": "3216",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3216"
},
{
"name": "http://securityvulns.ru/Sdocument137.html",
"refsource": "MISC",
"url": "http://securityvulns.ru/Sdocument137.html"
},
{
"name": "4510",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4510"
}
]
}
}

170
2007/5xxx/CVE-2007-5459.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5459",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the sidebar HTML page in the MouseoverDictionary before 0.6.2 extension for Mozilla Firefox allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://maru.bonyari.jp/mouseoverdictionary/",
"refsource" : "CONFIRM",
"url" : "http://maru.bonyari.jp/mouseoverdictionary/"
},
{
"name" : "JVN#63304072",
"refsource" : "JVN",
"url" : "http://jvn.jp/jp/JVN%2363304072/index.html"
},
{
"name" : "26053",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26053"
},
{
"name" : "40475",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40475"
},
{
"name" : "27195",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27195"
},
{
"name" : "mouseover-unspecified-code-execution(37184)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37184"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the sidebar HTML page in the MouseoverDictionary before 0.6.2 extension for Mozilla Firefox allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40475",
"refsource": "OSVDB",
"url": "http://osvdb.org/40475"
},
{
"name": "27195",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27195"
},
{
"name": "mouseover-unspecified-code-execution(37184)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37184"
},
{
"name": "http://maru.bonyari.jp/mouseoverdictionary/",
"refsource": "CONFIRM",
"url": "http://maru.bonyari.jp/mouseoverdictionary/"
},
{
"name": "JVN#63304072",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2363304072/index.html"
},
{
"name": "26053",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26053"
}
]
}
}

140
2007/5xxx/CVE-2007-5627.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5627",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in content/fnc-readmail3.php in SocketMail 2.2.8 allows remote attackers to execute arbitrary PHP code via a URL in the __SOCKETMAIL_ROOT parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4554",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4554"
},
{
"name" : "26162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26162"
},
{
"name" : "socketmail-fncreadmail3-file-include(37344)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37344"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in content/fnc-readmail3.php in SocketMail 2.2.8 allows remote attackers to execute arbitrary PHP code via a URL in the __SOCKETMAIL_ROOT parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "socketmail-fncreadmail3-file-include(37344)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37344"
},
{
"name": "26162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26162"
},
{
"name": "4554",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4554"
}
]
}
}

34
2007/5xxx/CVE-2007-5864.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5864",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5864",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2015/3xxx/CVE-2015-3836.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3836",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2015-3836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[android-security-updates] 20150812 Nexus Security Bulletin (August 2015)",
"refsource" : "MLIST",
"url" : "https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ"
},
{
"name" : "https://android.googlesource.com/platform/external/sonivox/+/e999f077f6ef59d20282f1e04786816a31fb8be6",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/external/sonivox/+/e999f077f6ef59d20282f1e04786816a31fb8be6"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/external/sonivox/+/e999f077f6ef59d20282f1e04786816a31fb8be6",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/sonivox/+/e999f077f6ef59d20282f1e04786816a31fb8be6"
},
{
"name": "[android-security-updates] 20150812 Nexus Security Bulletin (August 2015)",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ"
}
]
}
}

120
2015/6xxx/CVE-2015-6628.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6628",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24074485."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2015-6628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2015-12-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2015-12-01.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24074485."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2015-12-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2015-12-01.html"
}
]
}
}

170
2015/6xxx/CVE-2015-6977.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-6977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205370",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205370"
},
{
"name" : "https://support.apple.com/HT205375",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205375"
},
{
"name" : "APPLE-SA-2015-10-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"
},
{
"name" : "APPLE-SA-2015-10-21-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
},
{
"name" : "77263",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/77263"
},
{
"name" : "1033929",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033929"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-10-21-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
},
{
"name": "APPLE-SA-2015-10-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"
},
{
"name": "https://support.apple.com/HT205375",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205375"
},
{
"name": "https://support.apple.com/HT205370",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205370"
},
{
"name": "77263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77263"
},
{
"name": "1033929",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033929"
}
]
}
}

350
2015/7xxx/CVE-2015-7201.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7201",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-7201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-134.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-134.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1203135",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1203135"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1224100",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1224100"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1225250",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1225250"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "DSA-3422",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3422"
},
{
"name" : "DSA-3432",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3432"
},
{
"name" : "FEDORA-2015-51b1105902",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
},
{
"name" : "FEDORA-2015-7ab3d3afcf",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
},
{
"name" : "GLSA-201512-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201512-10"
},
{
"name" : "RHSA-2015:2657",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
},
{
"name" : "openSUSE-SU-2016:0307",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
},
{
"name" : "openSUSE-SU-2016:0308",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
},
{
"name" : "openSUSE-SU-2015:2353",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
},
{
"name" : "openSUSE-SU-2015:2380",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
},
{
"name" : "openSUSE-SU-2015:2406",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
},
{
"name" : "SUSE-SU-2015:2334",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
},
{
"name" : "SUSE-SU-2015:2335",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
},
{
"name" : "SUSE-SU-2015:2336",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
},
{
"name" : "USN-2859-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2859-1"
},
{
"name" : "USN-2833-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2833-1"
},
{
"name" : "79279",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/79279"
},
{
"name" : "1034426",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034426"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:2334",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-134.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-134.html"
},
{
"name": "openSUSE-SU-2015:2380",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
},
{
"name": "DSA-3432",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3432"
},
{
"name": "79279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79279"
},
{
"name": "SUSE-SU-2015:2335",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
},
{
"name": "GLSA-201512-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224100",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224100"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1203135",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1203135"
},
{
"name": "openSUSE-SU-2015:2353",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2015:2406",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "openSUSE-SU-2016:0308",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
},
{
"name": "FEDORA-2015-7ab3d3afcf",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
},
{
"name": "USN-2859-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2859-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1225250",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1225250"
},
{
"name": "USN-2833-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2833-1"
},
{
"name": "RHSA-2015:2657",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
},
{
"name": "SUSE-SU-2015:2336",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
},
{
"name": "openSUSE-SU-2016:0307",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
},
{
"name": "FEDORA-2015-51b1105902",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
},
{
"name": "1034426",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034426"
},
{
"name": "DSA-3422",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3422"
}
]
}
}

250
2015/7xxx/CVE-2015-7803.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7803",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20151005 CVE request: issues fixed in PHP 5.6.14 and 5.5.30",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/10/05/8"
},
{
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=d698f0ae51f67c9cce870b09c59df3d6ba959244",
"refsource" : "CONFIRM",
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=d698f0ae51f67c9cce870b09c59df3d6ba959244"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "https://bugs.php.net/bug.php?id=69720",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=69720"
},
{
"name" : "https://support.apple.com/HT205637",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205637"
},
{
"name" : "APPLE-SA-2015-12-08-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
},
{
"name" : "DSA-3380",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3380"
},
{
"name" : "GLSA-201606-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201606-10"
},
{
"name" : "SSA:2016-034-04",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720"
},
{
"name" : "SUSE-SU-2016:1145",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html"
},
{
"name" : "openSUSE-SU-2016:0366",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html"
},
{
"name" : "openSUSE-SU-2016:0251",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html"
},
{
"name" : "USN-2786-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2786-1"
},
{
"name" : "76959",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76959"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT205637",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205637"
},
{
"name": "openSUSE-SU-2016:0251",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html"
},
{
"name": "https://bugs.php.net/bug.php?id=69720",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=69720"
},
{
"name": "DSA-3380",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3380"
},
{
"name": "APPLE-SA-2015-12-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
},
{
"name": "SSA:2016-034-04",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720"
},
{
"name": "76959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76959"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=d698f0ae51f67c9cce870b09c59df3d6ba959244",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=d698f0ae51f67c9cce870b09c59df3d6ba959244"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "[oss-security] 20151005 CVE request: issues fixed in PHP 5.6.14 and 5.5.30",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/05/8"
},
{
"name": "openSUSE-SU-2016:0366",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html"
},
{
"name": "USN-2786-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2786-1"
},
{
"name": "SUSE-SU-2016:1145",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html"
},
{
"name": "GLSA-201606-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-10"
}
]
}
}

34
2015/8xxx/CVE-2015-8190.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8190",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-8190",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

120
2015/8xxx/CVE-2015-8275.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2015-8275",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01",
"version" : {
"version_data" : [
{
"version_value" : "LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "write to arbitrary files"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-8275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01",
"version": {
"version_data": [
{
"version_value": "LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cert.lv/en/2016/01/new-cve-information-avialable",
"refsource" : "MISC",
"url" : "https://cert.lv/en/2016/01/new-cve-information-avialable"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "write to arbitrary files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.lv/en/2016/01/new-cve-information-avialable",
"refsource": "MISC",
"url": "https://cert.lv/en/2016/01/new-cve-information-avialable"
}
]
}
}

120
2015/8xxx/CVE-2015-8304.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8304",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Huawei P7 phones with software before P7-L07 V100R001C01B606 allows remote attackers to gain privileges via a crafted application with the system or camera permission."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160104-01-smartphone-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160104-01-smartphone-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Huawei P7 phones with software before P7-L07 V100R001C01B606 allows remote attackers to gain privileges via a crafted application with the system or camera permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160104-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160104-01-smartphone-en"
}
]
}
}

140
2015/8xxx/CVE-2015-8363.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8363",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html"
},
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2"
},
{
"name" : "openSUSE-SU-2015:2370",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:2370",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html"
},
{
"name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2"
}
]
}
}

140
2015/8xxx/CVE-2015-8856.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8856",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160420 various vulnerabilities in Node.js packages",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/04/20/11"
},
{
"name" : "https://nodesecurity.io/advisories/34",
"refsource" : "CONFIRM",
"url" : "https://nodesecurity.io/advisories/34"
},
{
"name" : "96392",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96392"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96392"
},
{
"name": "https://nodesecurity.io/advisories/34",
"refsource": "CONFIRM",
"url": "https://nodesecurity.io/advisories/34"
},
{
"name": "[oss-security] 20160420 various vulnerabilities in Node.js packages",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/11"
}
]
}
}

34
2016/0xxx/CVE-2016-0631.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0631",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-0631",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

130
2016/0xxx/CVE-2016-0679.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0679",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect integrity and availability via vectors related to PIA Grids."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-0679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name" : "1035610",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035610"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect integrity and availability via vectors related to PIA Grids."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035610",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035610"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
]
}
}

190
2016/0xxx/CVE-2016-0978.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0978",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-0978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"name" : "GLSA-201603-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-07"
},
{
"name" : "RHSA-2016:0166",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0166.html"
},
{
"name" : "SUSE-SU-2016:0398",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html"
},
{
"name" : "SUSE-SU-2016:0400",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html"
},
{
"name" : "openSUSE-SU-2016:0412",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html"
},
{
"name" : "openSUSE-SU-2016:0415",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html"
},
{
"name" : "1034970",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034970"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:0400",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html"
},
{
"name": "1034970",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034970"
},
{
"name": "GLSA-201603-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"name": "RHSA-2016:0166",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0166.html"
},
{
"name": "openSUSE-SU-2016:0415",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html"
},
{
"name": "openSUSE-SU-2016:0412",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"name": "SUSE-SU-2016:0398",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html"
}
]
}
}

150
2016/1xxx/CVE-2016-1065.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1065",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-1065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-312",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-312"
},
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
},
{
"name" : "90512",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90512"
},
{
"name" : "1035828",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035828"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "90512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90512"
},
{
"name": "1035828",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035828"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-312",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-312"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
}
]
}
}

150
2016/1xxx/CVE-2016-1067.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1067",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-1067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-315",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-315"
},
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
},
{
"name" : "90512",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90512"
},
{
"name" : "1035828",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035828"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "90512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90512"
},
{
"name": "1035828",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035828"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-315",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-315"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
}
]
}
}

140
2016/1xxx/CVE-2016-1329.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1329",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://isc.sans.edu/forums/diary/20795",
"refsource" : "MISC",
"url" : "https://isc.sans.edu/forums/diary/20795"
},
{
"name" : "20160302 Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k"
},
{
"name" : "1035161",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035161"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://isc.sans.edu/forums/diary/20795",
"refsource": "MISC",
"url": "https://isc.sans.edu/forums/diary/20795"
},
{
"name": "1035161",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035161"
},
{
"name": "20160302 Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k"
}
]
}
}

240
2016/1xxx/CVE-2016-1612.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1612",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"name" : "https://chromium.googlesource.com/v8/v8/+/cfbd16172fa165cc33ce0e2e72f74e5561168a61",
"refsource" : "CONFIRM",
"url" : "https://chromium.googlesource.com/v8/v8/+/cfbd16172fa165cc33ce0e2e72f74e5561168a61"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=497632",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=497632"
},
{
"name" : "https://codereview.chromium.org/1531583005",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/1531583005"
},
{
"name" : "DSA-3456",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3456"
},
{
"name" : "GLSA-201603-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-09"
},
{
"name" : "RHSA-2016:0072",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0072.html"
},
{
"name" : "openSUSE-SU-2016:0249",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html"
},
{
"name" : "openSUSE-SU-2016:0250",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html"
},
{
"name" : "openSUSE-SU-2016:0271",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html"
},
{
"name" : "USN-2877-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2877-1"
},
{
"name" : "81431",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/81431"
},
{
"name" : "1034801",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034801"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0072",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html"
},
{
"name": "USN-2877-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2877-1"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"name": "https://codereview.chromium.org/1531583005",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1531583005"
},
{
"name": "1034801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034801"
},
{
"name": "openSUSE-SU-2016:0249",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=497632",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=497632"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "https://chromium.googlesource.com/v8/v8/+/cfbd16172fa165cc33ce0e2e72f74e5561168a61",
"refsource": "CONFIRM",
"url": "https://chromium.googlesource.com/v8/v8/+/cfbd16172fa165cc33ce0e2e72f74e5561168a61"
},
{
"name": "openSUSE-SU-2016:0271",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html"
},
{
"name": "DSA-3456",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3456"
},
{
"name": "81431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81431"
},
{
"name": "openSUSE-SU-2016:0250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html"
}
]
}
}

370
2016/1xxx/CVE-2016-1683.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1683",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1340016",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1340016"
},
{
"name" : "https://crbug.com/583156",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/583156"
},
{
"name" : "https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242",
"refsource" : "CONFIRM",
"url" : "https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242"
},
{
"name" : "https://support.apple.com/HT206899",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206899"
},
{
"name" : "https://support.apple.com/HT206901",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206901"
},
{
"name" : "https://support.apple.com/HT206902",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206902"
},
{
"name" : "https://support.apple.com/HT206903",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206903"
},
{
"name" : "https://support.apple.com/HT206904",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206904"
},
{
"name" : "https://support.apple.com/HT206905",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206905"
},
{
"name" : "APPLE-SA-2016-07-18-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name" : "APPLE-SA-2016-07-18-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name" : "APPLE-SA-2016-07-18-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name" : "APPLE-SA-2016-07-18-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name" : "APPLE-SA-2016-07-18-6",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"name" : "DSA-3590",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3590"
},
{
"name" : "DSA-3605",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3605"
},
{
"name" : "GLSA-201607-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201607-07"
},
{
"name" : "RHSA-2016:1190",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1190"
},
{
"name" : "openSUSE-SU-2016:1430",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html"
},
{
"name" : "openSUSE-SU-2016:1433",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html"
},
{
"name" : "openSUSE-SU-2016:1496",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"name" : "USN-2992-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2992-1"
},
{
"name" : "90876",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90876"
},
{
"name" : "91826",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91826"
},
{
"name" : "1035981",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035981"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3605",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1340016",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340016"
},
{
"name": "https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242"
},
{
"name": "90876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90876"
},
{
"name": "APPLE-SA-2016-07-18-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name": "openSUSE-SU-2016:1496",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"name": "https://support.apple.com/HT206901",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206901"
},
{
"name": "1035981",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035981"
},
{
"name": "DSA-3590",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3590"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html"
},
{
"name": "USN-2992-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2992-1"
},
{
"name": "91826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91826"
},
{
"name": "openSUSE-SU-2016:1430",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"name": "RHSA-2016:1190",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1190"
},
{
"name": "https://crbug.com/583156",
"refsource": "CONFIRM",
"url": "https://crbug.com/583156"
},
{
"name": "https://support.apple.com/HT206905",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206905"
},
{
"name": "https://support.apple.com/HT206903",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206903"
},
{
"name": "https://support.apple.com/HT206902",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206902"
},
{
"name": "https://support.apple.com/HT206904",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206904"
},
{
"name": "GLSA-201607-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-07"
},
{
"name": "openSUSE-SU-2016:1433",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html"
},
{
"name": "https://support.apple.com/HT206899",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206899"
}
]
}
}

140
2016/5xxx/CVE-2016-5594.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to INFRA."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-5594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "93616",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93616"
},
{
"name" : "1037049",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037049"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to INFRA."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93616"
},
{
"name": "1037049",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037049"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
}
]
}
}

34
2019/0xxx/CVE-2019-0400.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0400",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0400",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0700.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0700",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0700",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0897.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0897",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0897",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0975.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0975",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0975",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

126
2019/1000xxx/CVE-2019-1000006.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.015070",
"DATE_REQUESTED" : "2019-01-09T16:28:24",
"ID" : "CVE-2019-1000006",
"REQUESTER" : "soeren+mitre@soeren-tempel.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via network connectivity."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2019-01-22T21:21:10.015070",
"DATE_REQUESTED": "2019-01-09T16:28:24",
"ID": "CVE-2019-1000006",
"REQUESTER": "soeren+mitre@soeren-tempel.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/RIOT-OS/RIOT/issues/10739",
"refsource" : "MISC",
"url" : "https://github.com/RIOT-OS/RIOT/issues/10739"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via network connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/RIOT-OS/RIOT/issues/10739",
"refsource": "MISC",
"url": "https://github.com/RIOT-OS/RIOT/issues/10739"
}
]
}
}

34
2019/1xxx/CVE-2019-1267.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1267",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1267",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1369.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1369",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1369",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1570.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1570",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1570",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

178
2019/1xxx/CVE-2019-1661.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-02-06T16:00:00-0800",
"ID" : "CVE-2019-1661",
"STATE" : "PUBLIC",
"TITLE" : "Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco TelePresence Management Suite (TMS) ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "6.1",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-02-06T16:00:00-0800",
"ID": "CVE-2019-1661",
"STATE": "PUBLIC",
"TITLE": "Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Management Suite (TMS) ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190206 Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-tms-xss"
},
{
"name" : "106920",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106920"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190206-tms-xss",
"defect" : [
[
"CSCvj25304"
]
],
"discovery" : "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106920",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106920"
},
{
"name": "20190206 Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-tms-xss"
}
]
},
"source": {
"advisory": "cisco-sa-20190206-tms-xss",
"defect": [
[
"CSCvj25304"
]
],
"discovery": "INTERNAL"
}
}

34
2019/1xxx/CVE-2019-1940.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1940",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1940",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4351.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4351",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4351",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4567.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4567",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4567",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4836.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4836",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4836",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4955.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4955",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4955",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5382.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5382",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5382",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5449.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5449",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5449",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5699.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5699",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5699",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5902.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5902",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5902",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2019/8xxx/CVE-2019-8377.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/appneta/tcpreplay/issues/536",
"refsource" : "MISC",
"url" : "https://github.com/appneta/tcpreplay/issues/536"
},
{
"name" : "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_ipv6_l4proto-tcpreplay-4-3-1/",
"refsource" : "MISC",
"url" : "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_ipv6_l4proto-tcpreplay-4-3-1/"
},
{
"name" : "107085",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107085"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/appneta/tcpreplay/issues/536",
"refsource": "MISC",
"url": "https://github.com/appneta/tcpreplay/issues/536"
},
{
"name": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_ipv6_l4proto-tcpreplay-4-3-1/",
"refsource": "MISC",
"url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_ipv6_l4proto-tcpreplay-4-3-1/"
},
{
"name": "107085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107085"
}
]
}
}

34
2019/8xxx/CVE-2019-8610.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8610",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8610",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2019/8xxx/CVE-2019-8933.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8933",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on New Template, and modifying the filename from ../index.html to ../index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.csdn.net/qq_36093477/article/details/86681178",
"refsource" : "MISC",
"url" : "https://blog.csdn.net/qq_36093477/article/details/86681178"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on New Template, and modifying the filename from ../index.html to ../index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.csdn.net/qq_36093477/article/details/86681178",
"refsource": "MISC",
"url": "https://blog.csdn.net/qq_36093477/article/details/86681178"
}
]
}
}

34
2019/9xxx/CVE-2019-9438.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9438",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9438",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2019/9xxx/CVE-2019-9631.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9631",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gitlab.freedesktop.org/poppler/poppler/issues/736",
"refsource" : "MISC",
"url" : "https://gitlab.freedesktop.org/poppler/poppler/issues/736"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/736",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/736"
}
]
}
}