admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:11:25 +00:00
parent aefe4620a0
commit 0a4f6b90cd
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4601 additions and 4601 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2006/1xxx/CVE-2006-1024.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1024",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "16897",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16897"
},
{
"name" : "ADV-2006-0784",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0784"
},
{
"name" : "23575",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23575"
},
{
"name" : "19019",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19019"
},
{
"name" : "storebot-mgrlogin-sql-injection(24987)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24987"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16897"
},
{
"name": "23575",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23575"
},
{
"name": "ADV-2006-0784",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0784"
},
{
"name": "storebot-mgrlogin-sql-injection(24987)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24987"
},
{
"name": "19019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19019"
}
]
}
}

610
2006/1xxx/CVE-2006-1056.json
View File

@ -1,307 +1,307 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1056",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-1056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060419 FreeBSD Security Advisory FreeBSD-SA-06:14.fpu",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431341"
},
{
"name" : "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451404/100/0/threaded"
},
{
"name" : "20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451419/100/200/threaded"
},
{
"name" : "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451417/100/200/threaded"
},
{
"name" : "20061113 VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451421/100/0/threaded"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm"
},
{
"name" : "http://kb.vmware.com/kb/2533126",
"refsource" : "CONFIRM",
"url" : "http://kb.vmware.com/kb/2533126"
},
{
"name" : "http://www.vmware.com/download/esx/esx-213-200610-patch.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/download/esx/esx-213-200610-patch.html"
},
{
"name" : "http://www.vmware.com/download/esx/esx-254-200610-patch.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/download/esx/esx-254-200610-patch.html"
},
{
"name" : "DSA-1097",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1097"
},
{
"name" : "DSA-1103",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1103"
},
{
"name" : "FEDORA-2006-423",
"refsource" : "FEDORA",
"url" : "http://lwn.net/Alerts/180820/"
},
{
"name" : "FreeBSD-SA-06:14",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:14.fpu.asc"
},
{
"name" : "http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt",
"refsource" : "MISC",
"url" : "http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt"
},
{
"name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911"
},
{
"name" : "[linux-kernel] 20060419 RE: Linux 2.6.16.9",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-kernel&m=114548768214478&w=2"
},
{
"name" : "RHSA-2006:0579",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0579.html"
},
{
"name" : "RHSA-2006:0437",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0437.html"
},
{
"name" : "RHSA-2006:0575",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0575.html"
},
{
"name" : "SUSE-SA:2006:028",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name" : "SUSE-SU-2014:0446",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name" : "USN-302-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-302-1"
},
{
"name" : "17600",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17600"
},
{
"name" : "oval:org.mitre.oval:def:9995",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9995"
},
{
"name" : "ADV-2006-1426",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1426"
},
{
"name" : "ADV-2006-2554",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name" : "ADV-2006-4353",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4353"
},
{
"name" : "ADV-2006-4502",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4502"
},
{
"name" : "ADV-2006-1475",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1475"
},
{
"name" : "24807",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24807"
},
{
"name" : "24746",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24746"
},
{
"name" : "1015966",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015966"
},
{
"name" : "19724",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19724"
},
{
"name" : "19715",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19715"
},
{
"name" : "20671",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20671"
},
{
"name" : "20716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20716"
},
{
"name" : "20914",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20914"
},
{
"name" : "21035",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21035"
},
{
"name" : "21136",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21136"
},
{
"name" : "21465",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21465"
},
{
"name" : "20398",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20398"
},
{
"name" : "21983",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21983"
},
{
"name" : "22417",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22417"
},
{
"name" : "22875",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22875"
},
{
"name" : "22876",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22876"
},
{
"name" : "19735",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19735"
},
{
"name" : "amd-fpu-information-disclosure(25871)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25871"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:9995",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9995"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911"
},
{
"name": "RHSA-2006:0437",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0437.html"
},
{
"name": "22876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22876"
},
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9"
},
{
"name": "19735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19735"
},
{
"name": "ADV-2006-4502",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4502"
},
{
"name": "ADV-2006-2554",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910"
},
{
"name": "RHSA-2006:0579",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0579.html"
},
{
"name": "20716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20716"
},
{
"name": "22875",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22875"
},
{
"name": "FEDORA-2006-423",
"refsource": "FEDORA",
"url": "http://lwn.net/Alerts/180820/"
},
{
"name": "21136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21136"
},
{
"name": "USN-302-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-302-1"
},
{
"name": "http://kb.vmware.com/kb/2533126",
"refsource": "CONFIRM",
"url": "http://kb.vmware.com/kb/2533126"
},
{
"name": "24746",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24746"
},
{
"name": "24807",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24807"
},
{
"name": "21983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21983"
},
{
"name": "ADV-2006-4353",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4353"
},
{
"name": "21035",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21035"
},
{
"name": "http://www.vmware.com/download/esx/esx-213-200610-patch.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/download/esx/esx-213-200610-patch.html"
},
{
"name": "DSA-1097",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1097"
},
{
"name": "RHSA-2006:0575",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0575.html"
},
{
"name": "SUSE-SA:2006:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name": "20061113 VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451421/100/0/threaded"
},
{
"name": "ADV-2006-1426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1426"
},
{
"name": "19715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19715"
},
{
"name": "1015966",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015966"
},
{
"name": "20060419 FreeBSD Security Advisory FreeBSD-SA-06:14.fpu",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431341"
},
{
"name": "17600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17600"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm"
},
{
"name": "DSA-1103",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1103"
},
{
"name": "http://www.vmware.com/download/esx/esx-254-200610-patch.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/download/esx/esx-254-200610-patch.html"
},
{
"name": "FreeBSD-SA-06:14",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:14.fpu.asc"
},
{
"name": "21465",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21465"
},
{
"name": "SUSE-SU-2014:0446",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name": "[linux-kernel] 20060419 RE: Linux 2.6.16.9",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-kernel&m=114548768214478&w=2"
},
{
"name": "ADV-2006-1475",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1475"
},
{
"name": "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451404/100/0/threaded"
},
{
"name": "amd-fpu-information-disclosure(25871)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25871"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm"
},
{
"name": "20398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20398"
},
{
"name": "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451417/100/200/threaded"
},
{
"name": "http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt",
"refsource": "MISC",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt"
},
{
"name": "22417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22417"
},
{
"name": "19724",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19724"
},
{
"name": "20671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20671"
},
{
"name": "20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451419/100/200/threaded"
},
{
"name": "20914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20914"
}
]
}
}

130
2006/1xxx/CVE-2006-1616.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1616",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ns79.hosteur.com/~secuti/advancedpoll.txt",
"refsource" : "MISC",
"url" : "http://ns79.hosteur.com/~secuti/advancedpoll.txt"
},
{
"name" : "advancedpoll-comments-page-sql-injection(25676)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25676"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ns79.hosteur.com/~secuti/advancedpoll.txt",
"refsource": "MISC",
"url": "http://ns79.hosteur.com/~secuti/advancedpoll.txt"
},
{
"name": "advancedpoll-comments-page-sql-injection(25676)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25676"
}
]
}
}

130
2006/1xxx/CVE-2006-1974.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1974",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.securityfocus.com/bid/16443/exploit",
"refsource" : "MISC",
"url" : "http://www.securityfocus.com/bid/16443/exploit"
},
{
"name" : "16443",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16443"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/16443/exploit",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/16443/exploit"
},
{
"name": "16443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16443"
}
]
}
}

180
2006/5xxx/CVE-2006-5191.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in includes/functions_static_topics.php in the Nivisec Static Topics module for phpBB 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2477",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2477/"
},
{
"name" : "http://www.nivisec.com/article.php?l=vi&ar=20",
"refsource" : "CONFIRM",
"url" : "http://www.nivisec.com/article.php?l=vi&ar=20"
},
{
"name" : "20353",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20353"
},
{
"name" : "ADV-2006-3916",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3916"
},
{
"name" : "29506",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29506"
},
{
"name" : "22269",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22269"
},
{
"name" : "phpbb-functionsstatictopics-file-include(29347)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29347"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in includes/functions_static_topics.php in the Nivisec Static Topics module for phpBB 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29506",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29506"
},
{
"name": "2477",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2477/"
},
{
"name": "http://www.nivisec.com/article.php?l=vi&ar=20",
"refsource": "CONFIRM",
"url": "http://www.nivisec.com/article.php?l=vi&ar=20"
},
{
"name": "20353",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20353"
},
{
"name": "ADV-2006-3916",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3916"
},
{
"name": "22269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22269"
},
{
"name": "phpbb-functionsstatictopics-file-include(29347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29347"
}
]
}
}

240
2006/5xxx/CVE-2006-5454.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5454",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in \"diff\" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061015 Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448777/100/100/threaded"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=346086",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=346086"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=346564",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=346564"
},
{
"name" : "http://www.bugzilla.org/security/2.18.5/",
"refsource" : "CONFIRM",
"url" : "http://www.bugzilla.org/security/2.18.5/"
},
{
"name" : "GLSA-200611-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200611-04.xml"
},
{
"name" : "20538",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20538"
},
{
"name" : "ADV-2006-4035",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4035"
},
{
"name" : "29546",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29546"
},
{
"name" : "29547",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29547"
},
{
"name" : "1017064",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017064"
},
{
"name" : "22790",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22790"
},
{
"name" : "22409",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22409"
},
{
"name" : "1760",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in \"diff\" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22409",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22409"
},
{
"name": "1760",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1760"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=346564",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=346564"
},
{
"name": "1017064",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017064"
},
{
"name": "ADV-2006-4035",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4035"
},
{
"name": "29546",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29546"
},
{
"name": "20538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20538"
},
{
"name": "http://www.bugzilla.org/security/2.18.5/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/2.18.5/"
},
{
"name": "22790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22790"
},
{
"name": "29547",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29547"
},
{
"name": "GLSA-200611-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200611-04.xml"
},
{
"name": "20061015 Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448777/100/100/threaded"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=346086",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=346086"
}
]
}
}

190
2007/2xxx/CVE-2007-2053.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2053",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070427 AFFLIB(TM): Multiple Buffer Overflows",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/467038/100/0/threaded"
},
{
"name" : "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt",
"refsource" : "MISC",
"url" : "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt"
},
{
"name" : "23695",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23695"
},
{
"name" : "35613",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35613"
},
{
"name" : "35614",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35614"
},
{
"name" : "35615",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35615"
},
{
"name" : "2655",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2655"
},
{
"name" : "afflib-multiple-bo(33961)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2655",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2655"
},
{
"name": "35613",
"refsource": "OSVDB",
"url": "http://osvdb.org/35613"
},
{
"name": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt",
"refsource": "MISC",
"url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt"
},
{
"name": "35614",
"refsource": "OSVDB",
"url": "http://osvdb.org/35614"
},
{
"name": "35615",
"refsource": "OSVDB",
"url": "http://osvdb.org/35615"
},
{
"name": "afflib-multiple-bo(33961)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961"
},
{
"name": "20070427 AFFLIB(TM): Multiple Buffer Overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467038/100/0/threaded"
},
{
"name": "23695",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23695"
}
]
}
}

230
2007/2xxx/CVE-2007-2294.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2294",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070425 ASA-2007-012: Remote Crash Vulnerability in Manager Interface",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/466911/100/0/threaded"
},
{
"name" : "http://www.asterisk.org/files/ASA-2007-012.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.asterisk.org/files/ASA-2007-012.pdf"
},
{
"name" : "DSA-1358",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1358"
},
{
"name" : "SUSE-SA:2007:034",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html"
},
{
"name" : "23649",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23649"
},
{
"name" : "ADV-2007-1534",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1534"
},
{
"name" : "35369",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/35369"
},
{
"name" : "1017955",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017955"
},
{
"name" : "24977",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24977"
},
{
"name" : "25582",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25582"
},
{
"name" : "2646",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2646"
},
{
"name" : "asterisk-interface-dos(33886)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33886"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1534",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1534"
},
{
"name": "1017955",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017955"
},
{
"name": "SUSE-SA:2007:034",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html"
},
{
"name": "35369",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35369"
},
{
"name": "2646",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2646"
},
{
"name": "25582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25582"
},
{
"name": "asterisk-interface-dos(33886)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33886"
},
{
"name": "24977",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24977"
},
{
"name": "23649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23649"
},
{
"name": "DSA-1358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "20070425 ASA-2007-012: Remote Crash Vulnerability in Manager Interface",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466911/100/0/threaded"
},
{
"name": "http://www.asterisk.org/files/ASA-2007-012.pdf",
"refsource": "CONFIRM",
"url": "http://www.asterisk.org/files/ASA-2007-012.pdf"
}
]
}
}

150
2007/6xxx/CVE-2007-6396.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6396",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. NOTE: similar code injection might be possible in a user profile."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071209 Flat PHP Board <= 1.2 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/484803/100/100/threaded"
},
{
"name" : "4705",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4705"
},
{
"name" : "26782",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26782"
},
{
"name" : "43675",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/43675"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. NOTE: similar code injection might be possible in a user profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071209 Flat PHP Board <= 1.2 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484803/100/100/threaded"
},
{
"name": "43675",
"refsource": "OSVDB",
"url": "http://osvdb.org/43675"
},
{
"name": "4705",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4705"
},
{
"name": "26782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26782"
}
]
}
}

190
2007/6xxx/CVE-2007-6495.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6495",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \\Forum\\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \\Forum\\db."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485028/100/0/threaded"
},
{
"name" : "4730",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4730"
},
{
"name" : "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html",
"refsource" : "CONFIRM",
"url" : "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html"
},
{
"name" : "26862",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26862"
},
{
"name" : "44184",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/44184"
},
{
"name" : "1019222",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019222"
},
{
"name" : "28973",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28973"
},
{
"name" : "3474",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3474"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \\Forum\\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \\Forum\\db."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44184",
"refsource": "OSVDB",
"url": "http://osvdb.org/44184"
},
{
"name": "28973",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28973"
},
{
"name": "20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485028/100/0/threaded"
},
{
"name": "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html",
"refsource": "CONFIRM",
"url": "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html"
},
{
"name": "3474",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3474"
},
{
"name": "4730",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4730"
},
{
"name": "26862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26862"
},
{
"name": "1019222",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019222"
}
]
}
}

160
2007/6xxx/CVE-2007-6693.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6693",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a \"proxied request.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://gallery.menalto.com/gallery_2.2.4_released",
"refsource" : "CONFIRM",
"url" : "http://gallery.menalto.com/gallery_2.2.4_released"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=203217",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=203217"
},
{
"name" : "GLSA-200802-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200802-04.xml"
},
{
"name" : "41659",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/41659"
},
{
"name" : "28898",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28898"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a \"proxied request.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://gallery.menalto.com/gallery_2.2.4_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_2.2.4_released"
},
{
"name": "GLSA-200802-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200802-04.xml"
},
{
"name": "28898",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28898"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=203217",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=203217"
},
{
"name": "41659",
"refsource": "OSVDB",
"url": "http://osvdb.org/41659"
}
]
}
}

150
2010/0xxx/CVE-2010-0134.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0134",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in rtfsr.dll in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted \\ls keyword in a list override table entry in an RTF file, which triggers a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-0134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2010-27/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-27/"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21440812",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"
},
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"
},
{
"name" : "41928",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41928"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in rtfsr.dll in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted \\ls keyword in a list override table entry in an RTF file, which triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"
},
{
"name": "41928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41928"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"
},
{
"name": "http://secunia.com/secunia_research/2010-27/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-27/"
}
]
}
}

290
2010/0xxx/CVE-2010-0304.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0304",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100129 Re: CVE id request: Wireshark",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/01/29/4"
},
{
"name" : "http://anonsvn.wireshark.org/viewvc/trunk-1.2/epan/dissectors/packet-lwres.c?view=diff&r1=31596&r2=28492&diff_format=h",
"refsource" : "MISC",
"url" : "http://anonsvn.wireshark.org/viewvc/trunk-1.2/epan/dissectors/packet-lwres.c?view=diff&r1=31596&r2=28492&diff_format=h"
},
{
"name" : "http://www.metasploit.com/modules/exploit/multi/misc/wireshark_lwres_getaddrbyname",
"refsource" : "MISC",
"url" : "http://www.metasploit.com/modules/exploit/multi/misc/wireshark_lwres_getaddrbyname"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2010-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2010-02.html"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2010-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2010-01.html"
},
{
"name" : "DSA-1983",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-1983"
},
{
"name" : "FEDORA-2010-3556",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036415.html"
},
{
"name" : "MDVSA-2010:031",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:031"
},
{
"name" : "37985",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37985"
},
{
"name" : "61987",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61987"
},
{
"name" : "oval:org.mitre.oval:def:8490",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8490"
},
{
"name" : "oval:org.mitre.oval:def:9933",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9933"
},
{
"name" : "1023516",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023516"
},
{
"name" : "38257",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38257"
},
{
"name" : "38348",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38348"
},
{
"name" : "38829",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38829"
},
{
"name" : "ADV-2010-0239",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0239"
},
{
"name" : "wireshark-lwres-bo(55951)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55951"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1983",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1983"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2010-02.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2010-02.html"
},
{
"name": "[oss-security] 20100129 Re: CVE id request: Wireshark",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/29/4"
},
{
"name": "http://www.metasploit.com/modules/exploit/multi/misc/wireshark_lwres_getaddrbyname",
"refsource": "MISC",
"url": "http://www.metasploit.com/modules/exploit/multi/misc/wireshark_lwres_getaddrbyname"
},
{
"name": "38348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38348"
},
{
"name": "38829",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38829"
},
{
"name": "37985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37985"
},
{
"name": "oval:org.mitre.oval:def:9933",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9933"
},
{
"name": "61987",
"refsource": "OSVDB",
"url": "http://osvdb.org/61987"
},
{
"name": "38257",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38257"
},
{
"name": "ADV-2010-0239",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0239"
},
{
"name": "http://anonsvn.wireshark.org/viewvc/trunk-1.2/epan/dissectors/packet-lwres.c?view=diff&r1=31596&r2=28492&diff_format=h",
"refsource": "MISC",
"url": "http://anonsvn.wireshark.org/viewvc/trunk-1.2/epan/dissectors/packet-lwres.c?view=diff&r1=31596&r2=28492&diff_format=h"
},
{
"name": "1023516",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023516"
},
{
"name": "MDVSA-2010:031",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:031"
},
{
"name": "wireshark-lwres-bo(55951)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55951"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2010-01.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2010-01.html"
},
{
"name": "oval:org.mitre.oval:def:8490",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8490"
},
{
"name": "FEDORA-2010-3556",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036415.html"
}
]
}
}

34
2010/0xxx/CVE-2010-0352.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0352",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0352",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2010/0xxx/CVE-2010-0729.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0729",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100312 CVE-2010-0729 kernel: ia64: ptrace: peek_or_poke requests miss ptrace_check_attach()",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/03/12/2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=572007",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=572007"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100090459",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100090459"
},
{
"name" : "RHSA-2010:0394",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0394.html"
},
{
"name" : "38702",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38702"
},
{
"name" : "oval:org.mitre.oval:def:8687",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8687"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100312 CVE-2010-0729 kernel: ia64: ptrace: peek_or_poke requests miss ptrace_check_attach()",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/03/12/2"
},
{
"name": "38702",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38702"
},
{
"name": "RHSA-2010:0394",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0394.html"
},
{
"name": "oval:org.mitre.oval:def:8687",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8687"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=572007",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=572007"
},
{
"name": "http://support.avaya.com/css/P8/documents/100090459",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100090459"
}
]
}
}

140
2010/0xxx/CVE-2010-0976.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0976",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states \"Important: you must now delete all files beginning with 'install' from the root directory.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt"
},
{
"name" : "10972",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10972"
},
{
"name" : "acidcat-install-info-disclosure(55331)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55331"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states \"Important: you must now delete all files beginning with 'install' from the root directory.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "acidcat-install-info-disclosure(55331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55331"
},
{
"name": "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt"
},
{
"name": "10972",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10972"
}
]
}
}

190
2010/0xxx/CVE-2010-0988.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0988",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-0988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100324 Secunia Research: Pulse CMS Arbitrary File Writing Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510299/100/0/threaded"
},
{
"name" : "20100324 Secunia Research: Pulse CMS login.php Arbitrary File Writing Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510300/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2010-45/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-45/"
},
{
"name" : "http://secunia.com/secunia_research/2010-51/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-51/"
},
{
"name" : "38956",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38956"
},
{
"name" : "63166",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/63166"
},
{
"name" : "63168",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/63168"
},
{
"name" : "39011",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39011"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100324 Secunia Research: Pulse CMS login.php Arbitrary File Writing Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510300/100/0/threaded"
},
{
"name": "http://secunia.com/secunia_research/2010-45/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-45/"
},
{
"name": "http://secunia.com/secunia_research/2010-51/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-51/"
},
{
"name": "63168",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63168"
},
{
"name": "38956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38956"
},
{
"name": "63166",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63166"
},
{
"name": "20100324 Secunia Research: Pulse CMS Arbitrary File Writing Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510299/100/0/threaded"
},
{
"name": "39011",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39011"
}
]
}
}

130
2010/1xxx/CVE-2010-1011.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1011",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name" : "38795",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38795"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38795"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
]
}
}

500
2010/1xxx/CVE-2010-1169.json
View File

@ -1,252 +1,252 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/05/20/5"
},
{
"name" : "http://www.postgresql.org/about/news.1203",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/about/news.1203"
},
{
"name" : "http://www.postgresql.org/docs/current/static/release-7-4-29.html",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/current/static/release-7-4-29.html"
},
{
"name" : "http://www.postgresql.org/docs/current/static/release-8-0-25.html",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/current/static/release-8-0-25.html"
},
{
"name" : "http://www.postgresql.org/docs/current/static/release-8-1-21.html",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/current/static/release-8-1-21.html"
},
{
"name" : "http://www.postgresql.org/docs/current/static/release-8-2-17.html",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/current/static/release-8-2-17.html"
},
{
"name" : "http://www.postgresql.org/docs/current/static/release-8-3-11.html",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/current/static/release-8-3-11.html"
},
{
"name" : "http://www.postgresql.org/docs/current/static/release-8-4-4.html",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/current/static/release-8-4-4.html"
},
{
"name" : "http://www.postgresql.org/support/security",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/support/security"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=582615",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=582615"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=588269",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=588269"
},
{
"name" : "DSA-2051",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2051"
},
{
"name" : "FEDORA-2010-8696",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html"
},
{
"name" : "FEDORA-2010-8715",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html"
},
{
"name" : "FEDORA-2010-8723",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html"
},
{
"name" : "HPSBMU02781",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name" : "SSRT100617",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name" : "MDVSA-2010:103",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:103"
},
{
"name" : "RHSA-2010:0427",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0427.html"
},
{
"name" : "RHSA-2010:0428",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0428.html"
},
{
"name" : "RHSA-2010:0429",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0429.html"
},
{
"name" : "RHSA-2010:0430",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0430.html"
},
{
"name" : "SUSE-SR:2010:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name" : "40215",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40215"
},
{
"name" : "64755",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64755"
},
{
"name" : "oval:org.mitre.oval:def:10645",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10645"
},
{
"name" : "1023988",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023988"
},
{
"name" : "39845",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39845"
},
{
"name" : "39820",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39820"
},
{
"name" : "39898",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39898"
},
{
"name" : "39939",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39939"
},
{
"name" : "39815",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39815"
},
{
"name" : "ADV-2010-1167",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1167"
},
{
"name" : "ADV-2010-1207",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1207"
},
{
"name" : "ADV-2010-1197",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1197"
},
{
"name" : "ADV-2010-1198",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1198"
},
{
"name" : "ADV-2010-1182",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1182"
},
{
"name" : "ADV-2010-1221",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1221"
},
{
"name" : "postgresql-safe-code-execution(58693)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58693"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.postgresql.org/docs/current/static/release-8-1-21.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-8-1-21.html"
},
{
"name": "FEDORA-2010-8715",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html"
},
{
"name": "http://www.postgresql.org/about/news.1203",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/about/news.1203"
},
{
"name": "RHSA-2010:0427",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0427.html"
},
{
"name": "RHSA-2010:0428",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0428.html"
},
{
"name": "HPSBMU02781",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name": "postgresql-safe-code-execution(58693)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58693"
},
{
"name": "DSA-2051",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2051"
},
{
"name": "39898",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39898"
},
{
"name": "http://www.postgresql.org/docs/current/static/release-7-4-29.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-7-4-29.html"
},
{
"name": "39820",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39820"
},
{
"name": "ADV-2010-1198",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1198"
},
{
"name": "http://www.postgresql.org/docs/current/static/release-8-0-25.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-8-0-25.html"
},
{
"name": "ADV-2010-1167",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1167"
},
{
"name": "ADV-2010-1221",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1221"
},
{
"name": "39845",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39845"
},
{
"name": "40215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40215"
},
{
"name": "http://www.postgresql.org/docs/current/static/release-8-3-11.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-8-3-11.html"
},
{
"name": "ADV-2010-1207",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1207"
},
{
"name": "http://www.postgresql.org/docs/current/static/release-8-2-17.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-8-2-17.html"
},
{
"name": "RHSA-2010:0430",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0430.html"
},
{
"name": "http://www.postgresql.org/support/security",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/support/security"
},
{
"name": "FEDORA-2010-8696",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html"
},
{
"name": "FEDORA-2010-8723",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html"
},
{
"name": "http://www.postgresql.org/docs/current/static/release-8-4-4.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-8-4-4.html"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "ADV-2010-1182",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1182"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=582615",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=582615"
},
{
"name": "39815",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39815"
},
{
"name": "oval:org.mitre.oval:def:10645",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10645"
},
{
"name": "RHSA-2010:0429",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0429.html"
},
{
"name": "MDVSA-2010:103",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:103"
},
{
"name": "1023988",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023988"
},
{
"name": "[oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/05/20/5"
},
{
"name": "39939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39939"
},
{
"name": "SSRT100617",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name": "64755",
"refsource": "OSVDB",
"url": "http://osvdb.org/64755"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=588269",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=588269"
},
{
"name": "ADV-2010-1197",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1197"
}
]
}
}

260
2010/1xxx/CVE-2010-1320.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1320",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100420 MITKRB5-SA-2010-004 [CVE-2010-1320] double free in KDC",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510843/100/0/threaded"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490"
},
{
"name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt",
"refsource" : "CONFIRM",
"url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt"
},
{
"name" : "http://support.apple.com/kb/HT4188",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4188"
},
{
"name" : "APPLE-SA-2010-06-15-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name" : "SUSE-SR:2010:010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"name" : "USN-940-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-940-1"
},
{
"name" : "39599",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39599"
},
{
"name" : "1023904",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023904"
},
{
"name" : "39656",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39656"
},
{
"name" : "39784",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39784"
},
{
"name" : "40220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40220"
},
{
"name" : "ADV-2010-1001",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1001"
},
{
"name" : "ADV-2010-1192",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1192"
},
{
"name" : "ADV-2010-1481",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-06-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name": "20100420 MITKRB5-SA-2010-004 [CVE-2010-1320] double free in KDC",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510843/100/0/threaded"
},
{
"name": "39784",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39784"
},
{
"name": "USN-940-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-940-1"
},
{
"name": "ADV-2010-1481",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"name": "39656",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39656"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490"
},
{
"name": "ADV-2010-1192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1192"
},
{
"name": "http://support.apple.com/kb/HT4188",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4188"
},
{
"name": "40220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40220"
},
{
"name": "SUSE-SR:2010:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"name": "1023904",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023904"
},
{
"name": "ADV-2010-1001",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1001"
},
{
"name": "39599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39599"
}
]
}
}

390
2010/1xxx/CVE-2010-1324.json
View File

@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1324",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514953/100/0/threaded"
},
{
"name" : "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
},
{
"name" : "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
},
{
"name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt",
"refsource" : "CONFIRM",
"url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"
},
{
"name" : "http://support.apple.com/kb/HT4581",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4581"
},
{
"name" : "http://kb.vmware.com/kb/1035108",
"refsource" : "CONFIRM",
"url" : "http://kb.vmware.com/kb/1035108"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0007.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name" : "APPLE-SA-2011-03-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name" : "FEDORA-2010-18409",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html"
},
{
"name" : "FEDORA-2010-18425",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html"
},
{
"name" : "HPSBUX02623",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=129562442714657&w=2"
},
{
"name" : "SSRT100355",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=129562442714657&w=2"
},
{
"name" : "MDVSA-2010:246",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:246"
},
{
"name" : "RHSA-2010:0925",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0925.html"
},
{
"name" : "SUSE-SR:2010:023",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name" : "SUSE-SR:2010:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name" : "USN-1030-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1030-1"
},
{
"name" : "45116",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45116"
},
{
"name" : "69609",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69609"
},
{
"name" : "oval:org.mitre.oval:def:11936",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936"
},
{
"name" : "1024803",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024803"
},
{
"name" : "42399",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42399"
},
{
"name" : "43015",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43015"
},
{
"name" : "ADV-2010-3094",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3094"
},
{
"name" : "ADV-2010-3095",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3095"
},
{
"name" : "ADV-2010-3118",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3118"
},
{
"name" : "ADV-2011-0187",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0187"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-3094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3094"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "MDVSA-2010:246",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:246"
},
{
"name": "FEDORA-2010-18425",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html"
},
{
"name": "http://kb.vmware.com/kb/1035108",
"refsource": "CONFIRM",
"url": "http://kb.vmware.com/kb/1035108"
},
{
"name": "ADV-2010-3118",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3118"
},
{
"name": "oval:org.mitre.oval:def:11936",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936"
},
{
"name": "ADV-2011-0187",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0187"
},
{
"name": "20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514953/100/0/threaded"
},
{
"name": "SUSE-SR:2010:023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
},
{
"name": "APPLE-SA-2011-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "69609",
"refsource": "OSVDB",
"url": "http://osvdb.org/69609"
},
{
"name": "HPSBUX02623",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129562442714657&w=2"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"
},
{
"name": "SSRT100355",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129562442714657&w=2"
},
{
"name": "ADV-2010-3095",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3095"
},
{
"name": "42399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42399"
},
{
"name": "45116",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45116"
},
{
"name": "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
},
{
"name": "1024803",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024803"
},
{
"name": "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
},
{
"name": "FEDORA-2010-18409",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "RHSA-2010:0925",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0925.html"
},
{
"name": "USN-1030-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1030-1"
},
{
"name": "43015",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43015"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
}
]
}
}

150
2010/1xxx/CVE-2010-1472.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1472",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1004-exploits/joomlahoroscope-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/joomlahoroscope-lfi.txt"
},
{
"name" : "12167",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12167"
},
{
"name" : "39406",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39406"
},
{
"name" : "ADV-2010-0859",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0859"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0859",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0859"
},
{
"name": "12167",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12167"
},
{
"name": "39406",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39406"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlahoroscope-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlahoroscope-lfi.txt"
}
]
}
}

230
2010/1xxx/CVE-2010-1643.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1643",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100526 CVE request - kernel: nfsd: fix vm overcommit crash",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/05/26/2"
},
{
"name" : "[oss-security] 20100526 Re: CVE request - kernel: nfsd: fix vm overcommit crash",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/05/26/6"
},
{
"name" : "http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-knfsd-9666",
"refsource" : "MISC",
"url" : "http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-knfsd-9666"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=731572d39fcd3498702eda4600db4c43d51e0b26",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=731572d39fcd3498702eda4600db4c43d51e0b26"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.28/ChangeLog-2.6.28-rc3",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.28/ChangeLog-2.6.28-rc3"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=595970",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=595970"
},
{
"name" : "MDVSA-2010:198",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
},
{
"name" : "SUSE-SA:2010:031",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html"
},
{
"name" : "40377",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40377"
},
{
"name" : "40645",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40645"
},
{
"name" : "ADV-2010-1857",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1857"
},
{
"name" : "linux-kernel-knfsd-dos(58957)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58957"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100526 Re: CVE request - kernel: nfsd: fix vm overcommit crash",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/05/26/6"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=731572d39fcd3498702eda4600db4c43d51e0b26",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=731572d39fcd3498702eda4600db4c43d51e0b26"
},
{
"name": "[oss-security] 20100526 CVE request - kernel: nfsd: fix vm overcommit crash",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/05/26/2"
},
{
"name": "SUSE-SA:2010:031",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html"
},
{
"name": "MDVSA-2010:198",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=595970",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=595970"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.28/ChangeLog-2.6.28-rc3",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.28/ChangeLog-2.6.28-rc3"
},
{
"name": "40645",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40645"
},
{
"name": "linux-kernel-knfsd-dos(58957)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58957"
},
{
"name": "http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-knfsd-9666",
"refsource": "MISC",
"url": "http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-knfsd-9666"
},
{
"name": "40377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40377"
},
{
"name": "ADV-2010-1857",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1857"
}
]
}
}

370
2010/4xxx/CVE-2010-4494.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4494",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=63444",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=63444"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html"
},
{
"name" : "http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html",
"refsource" : "CONFIRM",
"url" : "http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html"
},
{
"name" : "http://support.apple.com/kb/HT4554",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4554"
},
{
"name" : "http://support.apple.com/kb/HT4564",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4564"
},
{
"name" : "http://support.apple.com/kb/HT4566",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4566"
},
{
"name" : "http://support.apple.com/kb/HT4581",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4581"
},
{
"name" : "APPLE-SA-2011-03-02-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2011-03-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name" : "APPLE-SA-2011-03-09-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name" : "APPLE-SA-2011-03-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name" : "DSA-2137",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2137"
},
{
"name" : "FEDORA-2011-2697",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html"
},
{
"name" : "HPSBGN02970",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139447903326211&w=2"
},
{
"name" : "MDVSA-2010:260",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:260"
},
{
"name" : "RHSA-2011:1749",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1749.html"
},
{
"name" : "RHSA-2013:0217",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0217.html"
},
{
"name" : "SUSE-SR:2011:005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name" : "oval:org.mitre.oval:def:11916",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11916"
},
{
"name" : "42721",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42721"
},
{
"name" : "42762",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42762"
},
{
"name" : "40775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40775"
},
{
"name" : "42472",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42472"
},
{
"name" : "ADV-2010-3319",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3319"
},
{
"name" : "ADV-2010-3336",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3336"
},
{
"name" : "ADV-2011-0230",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0230"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2010:260",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:260"
},
{
"name": "40775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40775"
},
{
"name": "http://support.apple.com/kb/HT4564",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4564"
},
{
"name": "ADV-2010-3336",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3336"
},
{
"name": "ADV-2011-0230",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"name": "DSA-2137",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2137"
},
{
"name": "RHSA-2013:0217",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html"
},
{
"name": "http://support.apple.com/kb/HT4566",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4566"
},
{
"name": "42721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42721"
},
{
"name": "RHSA-2011:1749",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1749.html"
},
{
"name": "APPLE-SA-2011-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "SUSE-SR:2011:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "APPLE-SA-2011-03-02-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
},
{
"name": "http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html",
"refsource": "CONFIRM",
"url": "http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html"
},
{
"name": "FEDORA-2011-2697",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html"
},
{
"name": "APPLE-SA-2011-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name": "42472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42472"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=63444",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=63444"
},
{
"name": "oval:org.mitre.oval:def:11916",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11916"
},
{
"name": "http://support.apple.com/kb/HT4554",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4554"
},
{
"name": "APPLE-SA-2011-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name": "42762",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42762"
},
{
"name": "ADV-2010-3319",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3319"
},
{
"name": "HPSBGN02970",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
}
]
}
}

140
2010/4xxx/CVE-2010-4520.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4520",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101216 CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/12/16/7"
},
{
"name" : "[oss-security] 20101221 Re: CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/12/22/1"
},
{
"name" : "http://drupal.org/node/829840",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/829840"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/829840",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/829840"
},
{
"name": "[oss-security] 20101216 CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/12/16/7"
},
{
"name": "[oss-security] 20101221 Re: CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/12/22/1"
}
]
}
}

120
2010/4xxx/CVE-2010-4723.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4723",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt",
"refsource" : "CONFIRM",
"url" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt",
"refsource": "CONFIRM",
"url": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt"
}
]
}
}

34
2014/0xxx/CVE-2014-0070.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0070",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-0070",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}

150
2014/0xxx/CVE-2014-0218.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0218",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140519 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/05/19/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=260366",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=260366"
},
{
"name" : "67479",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67479"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://moodle.org/mod/forum/discuss.php?d=260366",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=260366"
},
{
"name": "67479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67479"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332"
},
{
"name": "[oss-security] 20140519 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/05/19/1"
}
]
}
}

120
2014/0xxx/CVE-2014-0707.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0707",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
]
}
}

34
2014/0xxx/CVE-2014-0801.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0801",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0801",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/0xxx/CVE-2014-0839.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0839",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665005",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665005"
},
{
"name" : "ibm-focalpoint-cve20140839-sec-bypass(90696)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90696"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21665005",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665005"
},
{
"name": "ibm-focalpoint-cve20140839-sec-bypass(90696)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90696"
}
]
}
}

120
2014/1xxx/CVE-2014-1314.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1314",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2014-04-22-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2014-04-22-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
}
]
}
}

160
2014/1xxx/CVE-2014-1652.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1652",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-1652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00"
},
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00"
},
{
"name" : "VU#719172",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/719172"
},
{
"name" : "67755",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67755"
},
{
"name" : "1030443",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030443"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67755",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67755"
},
{
"name": "1030443",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030443"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00"
},
{
"name": "VU#719172",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/719172"
}
]
}
}

34
2014/1xxx/CVE-2014-1659.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1659",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-1659",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

230
2014/1xxx/CVE-2014-1694.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1694",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140129 CVE Request: otrs: CSRF issue in customer web interface",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/01/29/7"
},
{
"name" : "[oss-security] 20140129 Re: CVE Request: otrs: CSRF issue in customer web interface",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/01/29/15"
},
{
"name" : "http://bugs.otrs.org/show_bug.cgi?id=10099",
"refsource" : "CONFIRM",
"url" : "http://bugs.otrs.org/show_bug.cgi?id=10099"
},
{
"name" : "https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7",
"refsource" : "CONFIRM",
"url" : "https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7"
},
{
"name" : "https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312",
"refsource" : "CONFIRM",
"url" : "https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312"
},
{
"name" : "https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77",
"refsource" : "CONFIRM",
"url" : "https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77"
},
{
"name" : "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4",
"refsource" : "CONFIRM",
"url" : "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4"
},
{
"name" : "https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface",
"refsource" : "CONFIRM",
"url" : "https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface"
},
{
"name" : "DSA-2867",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2867"
},
{
"name" : "102632",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102632"
},
{
"name" : "56644",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56644"
},
{
"name" : "56655",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56655"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102632",
"refsource": "OSVDB",
"url": "http://osvdb.org/102632"
},
{
"name": "https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface"
},
{
"name": "https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7"
},
{
"name": "[oss-security] 20140129 Re: CVE Request: otrs: CSRF issue in customer web interface",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/15"
},
{
"name": "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4"
},
{
"name": "https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312"
},
{
"name": "56655",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56655"
},
{
"name": "[oss-security] 20140129 CVE Request: otrs: CSRF issue in customer web interface",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/29/7"
},
{
"name": "https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77",
"refsource": "CONFIRM",
"url": "https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77"
},
{
"name": "56644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56644"
},
{
"name": "DSA-2867",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2867"
},
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=10099",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=10099"
}
]
}
}

130
2014/1xxx/CVE-2014-1979.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1979",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#89260331",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN89260331/index.html"
},
{
"name" : "JVNDB-2014-000029",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#89260331",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN89260331/index.html"
},
{
"name": "JVNDB-2014-000029",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029"
}
]
}
}

130
2014/4xxx/CVE-2014-4295.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4295",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-6538, and CVE-2014-6563."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "70498",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70498"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-6538, and CVE-2014-6563."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "70498",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70498"
}
]
}
}

170
2014/4xxx/CVE-2014-4725.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4725",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140708 Re: CVE request: WordPress plugin wysija-newsletters remote file upload",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/07/08/7"
},
{
"name" : "http://arstechnica.com/security/2014/07/mass-exploit-of-wordpress-plugin-backdoors-sites-running-joomla-magento-too/",
"refsource" : "MISC",
"url" : "http://arstechnica.com/security/2014/07/mass-exploit-of-wordpress-plugin-backdoors-sites-running-joomla-magento-too/"
},
{
"name" : "http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html",
"refsource" : "MISC",
"url" : "http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html"
},
{
"name" : "http://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html",
"refsource" : "MISC",
"url" : "http://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html"
},
{
"name" : "http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html",
"refsource" : "MISC",
"url" : "http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html"
},
{
"name" : "https://wordpress.org/plugins/wysija-newsletters/changelog/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/wysija-newsletters/changelog/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/wysija-newsletters/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/wysija-newsletters/changelog/"
},
{
"name": "http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html",
"refsource": "MISC",
"url": "http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html"
},
{
"name": "http://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html",
"refsource": "MISC",
"url": "http://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html"
},
{
"name": "http://arstechnica.com/security/2014/07/mass-exploit-of-wordpress-plugin-backdoors-sites-running-joomla-magento-too/",
"refsource": "MISC",
"url": "http://arstechnica.com/security/2014/07/mass-exploit-of-wordpress-plugin-backdoors-sites-running-joomla-magento-too/"
},
{
"name": "[oss-security] 20140708 Re: CVE request: WordPress plugin wysija-newsletters remote file upload",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/08/7"
},
{
"name": "http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html",
"refsource": "MISC",
"url": "http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html"
}
]
}
}

34
2014/4xxx/CVE-2014-4859.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4859",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4859",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/9xxx/CVE-2014-9099.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/127658/WordPress-WhyDoWork-AdSense-1.2-XSS-CSRF.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127658/WordPress-WhyDoWork-AdSense-1.2-XSS-CSRF.html"
},
{
"name" : "68954",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68954"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68954"
},
{
"name": "http://packetstormsecurity.com/files/127658/WordPress-WhyDoWork-AdSense-1.2-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127658/WordPress-WhyDoWork-AdSense-1.2-XSS-CSRF.html"
}
]
}
}

140
2014/9xxx/CVE-2014-9227.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9227",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-9227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150617_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150617_00"
},
{
"name" : "75203",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75203"
},
{
"name" : "1032616",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032616"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150617_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150617_00"
},
{
"name": "1032616",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032616"
},
{
"name": "75203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75203"
}
]
}
}

120
2014/9xxx/CVE-2014-9395.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9395",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3) flickrback, or (4) simple_flimit parameter in the simplelife.php page to wp-admin/options-general.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/129641/WordPress-Simplelife-1.2-CSRF-XSS.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129641/WordPress-Simplelife-1.2-CSRF-XSS.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3) flickrback, or (4) simple_flimit parameter in the simplelife.php page to wp-admin/options-general.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129641/WordPress-Simplelife-1.2-CSRF-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129641/WordPress-Simplelife-1.2-CSRF-XSS.html"
}
]
}
}

140
2014/9xxx/CVE-2014-9578.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of a password hash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141218 SEC Consult SA-20141218-0 :: Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/76"
},
{
"name" : "http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html"
},
{
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of a password hash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141218 SEC Consult SA-20141218-0 :: Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/76"
},
{
"name": "http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt"
}
]
}
}

122
2014/9xxx/CVE-2014-9969.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-07-01T00:00:00",
"ID" : "CVE-2014-9969",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use of a Broken or Risky Cryptographic Algorithm in GNSS"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-07-01T00:00:00",
"ID": "CVE-2014-9969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-07-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-07-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of a Broken or Risky Cryptographic Algorithm in GNSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
}
]
}
}

150
2016/3xxx/CVE-2016-3316.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3316",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40238",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40238/"
},
{
"name" : "MS16-099",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
},
{
"name" : "92300",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92300"
},
{
"name" : "1036559",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036559"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036559",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036559"
},
{
"name": "92300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92300"
},
{
"name": "40238",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40238/"
},
{
"name": "MS16-099",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
}
]
}
}

140
2016/3xxx/CVE-2016-3372.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3372",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka \"Windows Kernel Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-111",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111"
},
{
"name" : "92815",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92815"
},
{
"name" : "1036802",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036802"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka \"Windows Kernel Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-111",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111"
},
{
"name": "92815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92815"
},
{
"name": "1036802",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036802"
}
]
}
}

130
2016/3xxx/CVE-2016-3462.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3462",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name" : "1035629",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035629"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035629",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035629"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
]
}
}

120
2016/3xxx/CVE-2016-3808.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3808",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}

160
2016/7xxx/CVE-2016-7142.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7142",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160904 CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/04/3"
},
{
"name" : "[oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/05/8"
},
{
"name" : "http://www.inspircd.org/2016/09/03/v2023-released.html",
"refsource" : "CONFIRM",
"url" : "http://www.inspircd.org/2016/09/03/v2023-released.html"
},
{
"name" : "https://github.com/inspircd/inspircd/commit/74fafb7f11b06747f69f182ad5e3769b665eea7a",
"refsource" : "CONFIRM",
"url" : "https://github.com/inspircd/inspircd/commit/74fafb7f11b06747f69f182ad5e3769b665eea7a"
},
{
"name" : "DSA-3662",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3662"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.inspircd.org/2016/09/03/v2023-released.html",
"refsource": "CONFIRM",
"url": "http://www.inspircd.org/2016/09/03/v2023-released.html"
},
{
"name": "https://github.com/inspircd/inspircd/commit/74fafb7f11b06747f69f182ad5e3769b665eea7a",
"refsource": "CONFIRM",
"url": "https://github.com/inspircd/inspircd/commit/74fafb7f11b06747f69f182ad5e3769b665eea7a"
},
{
"name": "[oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/05/8"
},
{
"name": "[oss-security] 20160904 CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/04/3"
},
{
"name": "DSA-3662",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3662"
}
]
}
}

34
2016/7xxx/CVE-2016-7325.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7325",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7325",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

150
2016/8xxx/CVE-2016-8017.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"ID" : "CVE-2016-8017",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VirusScan Enterprise Linux (VSEL)",
"version" : {
"version_data" : [
{
"version_value" : "2.0.3 (and earlier)"
}
]
}
}
]
},
"vendor_name" : "Intel"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Special element injection vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2016-8017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VirusScan Enterprise Linux (VSEL)",
"version": {
"version_data": [
{
"version_value": "2.0.3 (and earlier)"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40911",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40911/"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10181",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10181"
},
{
"name" : "94823",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94823"
},
{
"name" : "1037433",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037433"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Special element injection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94823"
},
{
"name": "1037433",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037433"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10181",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10181"
},
{
"name": "40911",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40911/"
}
]
}
}

34
2016/8xxx/CVE-2016-8269.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8269",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8269",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/8xxx/CVE-2016-8599.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8599",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8599",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/8xxx/CVE-2016-8857.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8857",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8857",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/9xxx/CVE-2016-9165.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9165",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-606",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-606"
},
{
"name" : "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html",
"refsource" : "CONFIRM",
"url" : "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html"
},
{
"name" : "94257",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94257"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94257"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-606",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-606"
},
{
"name": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html",
"refsource": "CONFIRM",
"url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html"
}
]
}
}

34
2016/9xxx/CVE-2016-9652.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9652",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9652",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/9xxx/CVE-2016-9912.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9912",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161208 Re: CVE request Qemu: display: virtio-gpu: memory leakage when destroying gpu resource",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/08/6"
},
{
"name" : "GLSA-201701-49",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-49"
},
{
"name" : "94760",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: display: virtio-gpu: memory leakage when destroying gpu resource",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/6"
},
{
"name": "GLSA-201701-49",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "94760",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94760"
}
]
}
}

140
2019/2xxx/CVE-2019-2444.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2444",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Oracle Database",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.2.0.1"
},
{
"version_affected" : "=",
"version_value" : "18c"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Database",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.2.0.1"
},
{
"version_affected": "=",
"version_value": "18c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106584",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106584"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106584"
}
]
}
}