"-Synchronized-Data."

CVE Team 2019-03-17 22:28:07 +00:00
parent 0017db70b8
commit 0d21a13a7e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 4672 additions and 4672 deletions


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060104 Rockliffe Mailsite User Enumeration Flaw",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/040970.html"
},
{
"name" : "http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt",
"refsource" : "MISC",
"url" : "http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt"
},
{
"name" : "ADV-2006-0055",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0055"
},
{
"name" : "22230",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22230"
},
{
"name" : "18318",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18318"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt",
"refsource": "MISC",
"url": "http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt"
},
{
"name": "ADV-2006-0055",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0055"
},
{
"name": "18318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18318"
},
{
"name": "22230",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22230"
},
{
"name": "20060104 Rockliffe Mailsite User Enumeration Flaw",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/040970.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0588",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060204 [KAPDA::#26] - MyTopix Sql Injection & Path Disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423950/100/0/threaded"
},
{
"name" : "http://kapda.ir/advisory-249.html",
"refsource" : "MISC",
"url" : "http://kapda.ir/advisory-249.html"
},
{
"name" : "413",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/413"
},
{
"name" : "mytopix-search-sql-injection(24502)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24502"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "413",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/413"
},
{
"name": "20060204 [KAPDA::#26] - MyTopix Sql Injection & Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423950/100/0/threaded"
},
{
"name": "http://kapda.ir/advisory-249.html",
"refsource": "MISC",
"url": "http://kapda.ir/advisory-249.html"
},
{
"name": "mytopix-search-sql-injection(24502)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24502"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0725",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://plume-cms.net/news/77-Security-Notice-Please-Update-Your-Prependphp-File",
"refsource" : "CONFIRM",
"url" : "http://plume-cms.net/news/77-Security-Notice-Please-Update-Your-Prependphp-File"
},
{
"name" : "16662",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16662"
},
{
"name" : "ADV-2006-0599",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0599"
},
{
"name" : "23204",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23204"
},
{
"name" : "18883",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18883"
},
{
"name" : "1015624",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015624"
},
{
"name" : "plumecms-prepend-file-include(24697)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24697"
},
{
"name" : "plumecms-frontinc-prepend-file-include(27699)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27699"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015624",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015624"
},
{
"name": "plumecms-prepend-file-include(24697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24697"
},
{
"name": "plumecms-frontinc-prepend-file-include(27699)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27699"
},
{
"name": "18883",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18883"
},
{
"name": "ADV-2006-0599",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0599"
},
{
"name": "23204",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23204"
},
{
"name": "http://plume-cms.net/news/77-Security-Notice-Please-Update-Your-Prependphp-File",
"refsource": "CONFIRM",
"url": "http://plume-cms.net/news/77-Security-Notice-Please-Update-Your-Prependphp-File"
},
{
"name": "16662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16662"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0759",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts; and allow remote authenticated users to execute arbitrary SQL commands via (11) the folderid parameter in index.php and (12) possibly other parameters in certain other scripts, because $_SERVER['PHP_SELF'] is improperly handled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060210 HiveMail <= 1.3 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-02/0162.html"
},
{
"name" : "http://forum.hivemail.com/showthread.php?p=26745",
"refsource" : "MISC",
"url" : "http://forum.hivemail.com/showthread.php?p=26745"
},
{
"name" : "http://www.gulftech.org/?node=research&article_id=00098-02102006",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00098-02102006"
},
{
"name" : "16591",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16591"
},
{
"name" : "ADV-2006-0527",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0527"
},
{
"name" : "18807",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18807"
},
{
"name" : "422",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/422"
},
{
"name" : "hivemail-index-sql-injection(24623)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24623"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts; and allow remote authenticated users to execute arbitrary SQL commands via (11) the folderid parameter in index.php and (12) possibly other parameters in certain other scripts, because $_SERVER['PHP_SELF'] is improperly handled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.hivemail.com/showthread.php?p=26745",
"refsource": "MISC",
"url": "http://forum.hivemail.com/showthread.php?p=26745"
},
{
"name": "16591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16591"
},
{
"name": "422",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/422"
},
{
"name": "ADV-2006-0527",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0527"
},
{
"name": "20060210 HiveMail <= 1.3 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0162.html"
},
{
"name": "hivemail-index-sql-injection(24623)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24623"
},
{
"name": "http://www.gulftech.org/?node=research&article_id=00098-02102006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00098-02102006"
},
{
"name": "18807",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18807"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0994",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with \"invalid folder count values,\" which leads to heap corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060508 ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/433272/100/0/threaded"
},
{
"name" : "20060508 ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045897.html"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-012.html",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-012.html"
},
{
"name" : "17876",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17876"
},
{
"name" : "ADV-2006-1730",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1730"
},
{
"name" : "1016041",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016041"
},
{
"name" : "20028",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20028"
},
{
"name" : "869",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/869"
},
{
"name" : "sophos-cab-parsing-bo(26305)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26305"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with \"invalid folder count values,\" which leads to heap corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-012.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-012.html"
},
{
"name": "1016041",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016041"
},
{
"name": "869",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/869"
},
{
"name": "sophos-cab-parsing-bo(26305)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26305"
},
{
"name": "20060508 ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045897.html"
},
{
"name": "17876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17876"
},
{
"name": "20060508 ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433272/100/0/threaded"
},
{
"name": "20028",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20028"
},
{
"name": "ADV-2006-1730",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1730"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1534",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Null news allow remote attackers to execute arbitrary SQL commands via (1) the user_email parameter in (a) lostpass.php, and the (2) user_email and (3) user_username parameters in (b) sub.php and (c) unsub.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060408 [eVuln] Null news SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430298/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/109/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/109/summary.html"
},
{
"name" : "17300",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17300"
},
{
"name" : "ADV-2006-1151",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1151"
},
{
"name" : "24240",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24240"
},
{
"name" : "24241",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24241"
},
{
"name" : "24242",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24242"
},
{
"name" : "19413",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19413"
},
{
"name" : "682",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/682"
},
{
"name" : "nullnews-multiple-sql-injection(25502)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25502"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Null news allow remote attackers to execute arbitrary SQL commands via (1) the user_email parameter in (a) lostpass.php, and the (2) user_email and (3) user_username parameters in (b) sub.php and (c) unsub.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24240",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24240"
},
{
"name": "24241",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24241"
},
{
"name": "19413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19413"
},
{
"name": "http://evuln.com/vulns/109/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/109/summary.html"
},
{
"name": "nullnews-multiple-sql-injection(25502)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25502"
},
{
"name": "20060408 [eVuln] Null news SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430298/100/0/threaded"
},
{
"name": "24242",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24242"
},
{
"name": "ADV-2006-1151",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1151"
},
{
"name": "17300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17300"
},
{
"name": "682",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/682"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1548",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-1548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html",
"refsource" : "CONFIRM",
"url" : "http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html"
},
{
"name" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=38749",
"refsource" : "CONFIRM",
"url" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=38749"
},
{
"name" : "https://issues.apache.org/struts/browse/STR-2781",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/struts/browse/STR-2781"
},
{
"name" : "SUSE-SR:2006:010",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name" : "17342",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17342"
},
{
"name" : "ADV-2006-1205",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1205"
},
{
"name" : "1015856",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015856"
},
{
"name" : "19493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19493"
},
{
"name" : "20117",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20117"
},
{
"name" : "struts-lookupmap-xss(25614)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25614"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "struts-lookupmap-xss(25614)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25614"
},
{
"name": "1015856",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015856"
},
{
"name": "http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html",
"refsource": "CONFIRM",
"url": "http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html"
},
{
"name": "ADV-2006-1205",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1205"
},
{
"name": "17342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17342"
},
{
"name": "19493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19493"
},
{
"name": "https://issues.apache.org/struts/browse/STR-2781",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/struts/browse/STR-2781"
},
{
"name": "http://issues.apache.org/bugzilla/show_bug.cgi?id=38749",
"refsource": "CONFIRM",
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=38749"
},
{
"name": "SUSE-SR:2006:010",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name": "20117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20117"
}
]
}
}
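Review bot: The `ASSIGNER` value in this record changes from `cve@mitre.org` to `secalert@redhat.com`, which is a change of content, while the rest of the section differs only in key/colon spacing and the order of the `reference_data` entries. The same change appears in the CVE-2006-1936 section further down; the other sections visible here keep `cve@mitre.org`. Because the page shows the commit signature could not be matched to a known key, a consumer that attributes or routes records by assigner has nothing on this page to confirm the change against, and it is easy to miss inside a 57-file reformat. I would name it in the commit message, for example `Also sets ASSIGNER to secalert@redhat.com for CVE-2006-1548 and CVE-2006-1936`, or carry it in a separate commit from the formatting pass.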


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1595",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via \"..\" sequences in the file parameter in a rqEditHtml command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1627",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1627"
},
{
"name" : "http://retrogod.altervista.org/claroline_174_incl_xpl.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/claroline_174_incl_xpl.html"
},
{
"name" : "20060331 Re: [Full-disclosure] Claroline <= 1.7.4 (scormExport.inc.php) Remote Code Execution Exploit by rgod",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1905.html"
},
{
"name" : "17344",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17344"
},
{
"name" : "ADV-2006-1187",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1187"
},
{
"name" : "24285",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24285"
},
{
"name" : "24284",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24284"
},
{
"name" : "19461",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19461"
},
{
"name" : "claroline-rqmkhtml-xss(25562)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25562"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via \"..\" sequences in the file parameter in a rqEditHtml command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17344"
},
{
"name": "http://retrogod.altervista.org/claroline_174_incl_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/claroline_174_incl_xpl.html"
},
{
"name": "19461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19461"
},
{
"name": "24284",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24284"
},
{
"name": "20060331 Re: [Full-disclosure] Claroline <= 1.7.4 (scormExport.inc.php) Remote Code Execution Exploit by rgod",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1905.html"
},
{
"name": "ADV-2006-1187",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1187"
},
{
"name": "24285",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24285"
},
{
"name": "1627",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1627"
},
{
"name": "claroline-rqmkhtml-xss(25562)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25562"
}
]
}
}
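Review bot: The `description` value names the weakness as cross-site scripting, but the impact it states is reading arbitrary files via ".." sequences in the `file` parameter, which is the behaviour of a directory traversal, so the class and the impact contradict each other on both the old and the new side. Tooling that classifies records from the description text would file this one under XSS, and `problemtype` is `n/a`, so nothing else in the record corrects it. If the traversal reading is the intended one, the opening would read `Directory traversal vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier` and the problemtype could carry CWE-22; this needs confirming against the referenced advisories, and the XF reference name `claroline-rqmkhtml-xss(25562)` suggests the XSS wording may have been carried over from a related entry.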


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1835",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060416 Calendarix \"yearcal.php\" XSS Attacking",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431122/100/0/threaded"
},
{
"name" : "17562",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17562"
},
{
"name" : "ADV-2006-1376",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1376"
},
{
"name" : "1015954",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015954"
},
{
"name" : "19710",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19710"
},
{
"name" : "727",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/727"
},
{
"name" : "calendarix-yearcal-xss(25874)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25874"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17562"
},
{
"name": "19710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19710"
},
{
"name": "727",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/727"
},
{
"name": "20060416 Calendarix \"yearcal.php\" XSS Attacking",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431122/100/0/threaded"
},
{
"name": "calendarix-yearcal-xss(25874)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25874"
},
{
"name": "1015954",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015954"
},
{
"name": "ADV-2006-1376",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1376"
}
]
}
}


@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1936",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-1936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00023.html",
"refsource" : "CONFIRM",
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00023.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm"
},
{
"name" : "DSA-1049",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1049"
},
{
"name" : "FEDORA-2006-456",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00194.html"
},
{
"name" : "FEDORA-2006-461",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00195.html"
},
{
"name" : "GLSA-200604-17",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-17.xml"
},
{
"name" : "MDKSA-2006:077",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:077"
},
{
"name" : "RHSA-2006:0420",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0420.html"
},
{
"name" : "20060501-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"name" : "SUSE-SR:2006:010",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name" : "17682",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17682"
},
{
"name" : "oval:org.mitre.oval:def:10341",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10341"
},
{
"name" : "ADV-2006-1501",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1501"
},
{
"name" : "1015985",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015985"
},
{
"name" : "19769",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19769"
},
{
"name" : "19805",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19805"
},
{
"name" : "19828",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19828"
},
{
"name" : "19839",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19839"
},
{
"name" : "19958",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19958"
},
{
"name" : "19962",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19962"
},
{
"name" : "20117",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20117"
},
{
"name" : "20944",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20944"
},
{
"name" : "20210",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20210"
},
{
"name" : "ethereal-telnet-dissector-bo(26029)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26029"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19828",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19828"
},
{
"name": "19839",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19839"
},
{
"name": "20210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20210"
},
{
"name": "FEDORA-2006-456",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00194.html"
},
{
"name": "MDKSA-2006:077",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:077"
},
{
"name": "http://www.ethereal.com/appnotes/enpa-sa-00023.html",
"refsource": "CONFIRM",
"url": "http://www.ethereal.com/appnotes/enpa-sa-00023.html"
},
{
"name": "19769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19769"
},
{
"name": "19962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19962"
},
{
"name": "FEDORA-2006-461",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00195.html"
},
{
"name": "1015985",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015985"
},
{
"name": "GLSA-200604-17",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-17.xml"
},
{
"name": "ADV-2006-1501",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1501"
},
{
"name": "DSA-1049",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1049"
},
{
"name": "oval:org.mitre.oval:def:10341",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10341"
},
{
"name": "19805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19805"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm"
},
{
"name": "ethereal-telnet-dissector-bo(26029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26029"
},
{
"name": "20060501-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"name": "SUSE-SR:2006:010",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name": "20117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20117"
},
{
"name": "17682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17682"
},
{
"name": "20944",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20944"
},
{
"name": "RHSA-2006:0420",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0420.html"
},
{
"name": "19958",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19958"
}
]
}
}
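Review bot: The ASSIGNER in this record changes from `cve@mitre.org` to `secalert@redhat.com` (in the second `CVE_data_meta` block, presumably the new side, since the +/- markers are lost on this page). That is a content change inside a commit whose other visible edits are spacing and reference order. The section for CVE-2010-0416 carries the same change. Anything that keys ownership, routing or trust decisions on ASSIGNER would see these records move to a different assigner without the commit message saying so. I would put the reassignments in their own commit, or name them in the message, e.g. `Reassign CVE-2006-1936 and CVE-2010-0416 to secalert@redhat.com`.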


@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5108",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060926 CubeCart Multiple input Validation vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447009/100/0/threaded"
},
{
"name" : "20215",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20215"
},
{
"name" : "ADV-2006-3818",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3818"
},
{
"name" : "29246",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29246"
},
{
"name" : "29247",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29247"
},
{
"name" : "29248",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29248"
},
{
"name" : "29249",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29249"
},
{
"name" : "29250",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29250"
},
{
"name" : "29251",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29251"
},
{
"name" : "29252",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29252"
},
{
"name" : "22175",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22175"
},
{
"name" : "1662",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1662"
},
{
"name" : "cubecart-multiple-scripts-xss(29177)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29177"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29249",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29249"
},
{
"name": "20060926 CubeCart Multiple input Validation vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447009/100/0/threaded"
},
{
"name": "20215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20215"
},
{
"name": "ADV-2006-3818",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3818"
},
{
"name": "cubecart-multiple-scripts-xss(29177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29177"
},
{
"name": "29251",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29251"
},
{
"name": "29248",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29248"
},
{
"name": "1662",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1662"
},
{
"name": "29250",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29250"
},
{
"name": "29246",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29246"
},
{
"name": "29252",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29252"
},
{
"name": "22175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22175"
},
{
"name": "29247",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29247"
}
]
}
}
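Review bot: The `reference_data` array in the second copy of this record (presumably the new side) is in no discernible order: the seven OSVDB entries 29246 to 29252, consecutive in the first copy, are now scattered among the BUGTRAQ, BID, VUPEN, XF, SREASON and SECUNIA entries. All 13 references appear on both sides here, but with the order shuffled a reviewer has to match them one by one to confirm that none was dropped or had its URL altered. The sections for CVE-2006-1936, CVE-2006-5114, CVE-2006-5129, CVE-2007-2242 and CVE-2010-0416 show the same pattern. Emitting the array in a stable order (for example sorted by `refsource`, then `name`) would keep bulk syncs like this one auditable.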


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5114",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060928 SAP Internet Transaction Server XSS vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447262/100/0/threaded"
},
{
"name" : "20244",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20244"
},
{
"name" : "ADV-2006-3894",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3894"
},
{
"name" : "22171",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22171"
},
{
"name" : "1665",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1665"
},
{
"name" : "sapits-login-xss(29245)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29245"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1665",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1665"
},
{
"name": "20244",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20244"
},
{
"name": "20060928 SAP Internet Transaction Server XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447262/100/0/threaded"
},
{
"name": "22171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22171"
},
{
"name": "ADV-2006-3894",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3894"
},
{
"name": "sapits-login-xss(29245)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29245"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox); and (2) the message body in a forum post in module/forum/topicwin.php, related to the name, email, title, date, ldate, and lname variables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060926 JAF CMS 4.0 RC1 multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447081/100/0/threaded"
},
{
"name" : "20225",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20225"
},
{
"name" : "22143",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22143"
},
{
"name" : "1674",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1674"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox); and (2) the message body in a forum post in module/forum/topicwin.php, related to the name, email, title, date, ldate, and lname variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20225"
},
{
"name": "1674",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1674"
},
{
"name": "22143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22143"
},
{
"name": "20060926 JAF CMS 4.0 RC1 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447081/100/0/threaded"
}
]
}
}


@ -1,247 +1,247 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070615 rPSA-2007-0124-1 kernel xen",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/471457"
},
{
"name" : "20070508 FLEA-2007-0016-1: kernel",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/467939/30/6690/threaded"
},
{
"name" : "http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf",
"refsource" : "MISC",
"url" : "http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1310",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1310"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=306375",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=306375"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=305712",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=305712"
},
{
"name" : "FreeBSD-SA-07:03.ipv6",
"refsource" : "FREEBSD",
"url" : "http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc"
},
{
"name" : "MDKSA-2007:171",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171"
},
{
"name" : "MDKSA-2007:196",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196"
},
{
"name" : "MDKSA-2007:216",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:216"
},
{
"name" : "[3.9] 20070423 022: SECURITY FIX: April 23, 2007",
"refsource" : "OPENBSD",
"url" : "http://openbsd.org/errata39.html#022_route6"
},
{
"name" : "[4.0] 20070423 012: SECURITY FIX: April 23, 2007",
"refsource" : "OPENBSD",
"url" : "http://openbsd.org/errata40.html#012_route6"
},
{
"name" : "RHSA-2007:0347",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0347.html"
},
{
"name" : "SUSE-SA:2007:051",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
},
{
"name" : "SUSE-SA:2008:006",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html"
},
{
"name" : "USN-486-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-486-1"
},
{
"name" : "USN-508-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-508-1"
},
{
"name" : "VU#267289",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/267289"
},
{
"name" : "23615",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23615"
},
{
"name" : "oval:org.mitre.oval:def:9574",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9574"
},
{
"name" : "ADV-2007-1563",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1563"
},
{
"name" : "ADV-2007-3050",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3050"
},
{
"name" : "ADV-2007-2270",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2270"
},
{
"name" : "1017949",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017949"
},
{
"name" : "24978",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24978"
},
{
"name" : "25033",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25033"
},
{
"name" : "25068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25068"
},
{
"name" : "25083",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25083"
},
{
"name" : "25288",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25288"
},
{
"name" : "25691",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25691"
},
{
"name" : "25770",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25770"
},
{
"name" : "26133",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26133"
},
{
"name" : "26651",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26651"
},
{
"name" : "26703",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26703"
},
{
"name" : "26620",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26620"
},
{
"name" : "26664",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26664"
},
{
"name" : "28806",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28806"
},
{
"name" : "openbsd-ipv6-type0-dos(33851)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33851"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-07:03.ipv6",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc"
},
{
"name": "24978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24978"
},
{
"name": "26703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26703"
},
{
"name": "RHSA-2007:0347",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0347.html"
},
{
"name": "25770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25770"
},
{
"name": "26664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26664"
},
{
"name": "SUSE-SA:2007:051",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
},
{
"name": "20070508 FLEA-2007-0016-1: kernel",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467939/30/6690/threaded"
},
{
"name": "28806",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28806"
},
{
"name": "23615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23615"
},
{
"name": "oval:org.mitre.oval:def:9574",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9574"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306375",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306375"
},
{
"name": "26651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26651"
},
{
"name": "[3.9] 20070423 022: SECURITY FIX: April 23, 2007",
"refsource": "OPENBSD",
"url": "http://openbsd.org/errata39.html#022_route6"
},
{
"name": "MDKSA-2007:171",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171"
},
{
"name": "MDKSA-2007:216",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:216"
},
{
"name": "http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf",
"refsource": "MISC",
"url": "http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf"
},
{
"name": "1017949",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017949"
},
{
"name": "[4.0] 20070423 012: SECURITY FIX: April 23, 2007",
"refsource": "OPENBSD",
"url": "http://openbsd.org/errata40.html#012_route6"
},
{
"name": "25288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25288"
},
{
"name": "ADV-2007-1563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1563"
},
{
"name": "25083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25083"
},
{
"name": "26620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26620"
},
{
"name": "ADV-2007-2270",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2270"
},
{
"name": "MDKSA-2007:196",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196"
},
{
"name": "20070615 rPSA-2007-0124-1 kernel xen",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471457"
},
{
"name": "25068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25068"
},
{
"name": "SUSE-SA:2008:006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html"
},
{
"name": "VU#267289",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/267289"
},
{
"name": "USN-486-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-486-1"
},
{
"name": "USN-508-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-508-1"
},
{
"name": "ADV-2007-3050",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3050"
},
{
"name": "25691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25691"
},
{
"name": "https://issues.rpath.com/browse/RPL-1310",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1310"
},
{
"name": "25033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25033"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305712",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305712"
},
{
"name": "openbsd-ipv6-type0-dos(33851)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33851"
},
{
"name": "26133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26133"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0416",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[common-cvs] 20070703 util hxurl.cpp,1.24.4.1,1.24.4.1.4.1",
"refsource" : "MLIST",
"url" : "http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=561856",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"name" : "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1",
"refsource" : "CONFIRM",
"url" : "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1"
},
{
"name" : "RHSA-2010:0094",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"name" : "oval:org.mitre.oval:def:10847",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847"
},
{
"name" : "38450",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38450"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0094",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"name": "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1",
"refsource": "CONFIRM",
"url": "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1"
},
{
"name": "[common-cvs] 20070703 util hxurl.cpp,1.24.4.1,1.24.4.1.4.1",
"refsource": "MLIST",
"url": "http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html"
},
{
"name": "38450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38450"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=561856",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"name": "oval:org.mitre.oval:def:10847",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0674",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1002-exploits/statcountex-disclose.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1002-exploits/statcountex-disclose.txt"
},
{
"name" : "11434",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11434"
},
{
"name" : "statcountex-stats-info-disclosure(56264)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56264"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1002-exploits/statcountex-disclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1002-exploits/statcountex-disclose.txt"
},
{
"name": "statcountex-stats-info-disclosure(56264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56264"
},
{
"name": "11434",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11434"
}
]
}
}


@ -1,222 +1,222 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0844",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-0844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100405 ZDI-10-053: Sun Java Runtime Environment MIDI File metaEvent Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510529/100/0/threaded"
},
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-053",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-053"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html"
},
{
"name" : "http://support.apple.com/kb/HT4170",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4170"
},
{
"name" : "http://support.apple.com/kb/HT4171",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4171"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name" : "APPLE-SA-2010-05-18-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
},
{
"name" : "APPLE-SA-2010-05-18-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
},
{
"name" : "HPSBMA02547",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name" : "SSRT100179",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "HPSBUX02524",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2"
},
{
"name" : "SSRT100089",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2"
},
{
"name" : "RHSA-2010:0337",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
},
{
"name" : "RHSA-2010:0338",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
},
{
"name" : "RHSA-2010:0383",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0383.html"
},
{
"name" : "RHSA-2010:0471",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0471.html"
},
{
"name" : "RHSA-2010:0489",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0489.html"
},
{
"name" : "SUSE-SR:2010:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"name" : "SUSE-SR:2010:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name" : "oval:org.mitre.oval:def:14282",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14282"
},
{
"name" : "39317",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39317"
},
{
"name" : "39659",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39659"
},
{
"name" : "39819",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39819"
},
{
"name" : "40211",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40211"
},
{
"name" : "40545",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40545"
},
{
"name" : "43308",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43308"
},
{
"name" : "ADV-2010-1191",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1191"
},
{
"name" : "ADV-2010-1454",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1454"
},
{
"name" : "ADV-2010-1523",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1523"
},
{
"name" : "ADV-2010-1793",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1793"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-05-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "39317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39317"
},
{
"name": "RHSA-2010:0383",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0383.html"
},
{
"name": "40545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40545"
},
{
"name": "20100405 ZDI-10-053: Sun Java Runtime Environment MIDI File metaEvent Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510529/100/0/threaded"
},
{
"name": "ADV-2010-1454",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1454"
},
{
"name": "39819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39819"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-053",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-053"
},
{
"name": "RHSA-2010:0338",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
},
{
"name": "ADV-2010-1793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name": "APPLE-SA-2010-05-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
},
{
"name": "43308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43308"
},
{
"name": "SSRT100179",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "SSRT100089",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html"
},
{
"name": "HPSBUX02524",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2"
},
{
"name": "http://support.apple.com/kb/HT4170",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4170"
},
{
"name": "ADV-2010-1523",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1523"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "SUSE-SR:2010:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"name": "39659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39659"
},
{
"name": "RHSA-2010:0471",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0471.html"
},
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "RHSA-2010:0337",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
},
{
"name": "RHSA-2010:0489",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0489.html"
},
{
"name": "HPSBMA02547",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "40211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40211"
},
{
"name": "http://support.apple.com/kb/HT4171",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4171"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "ADV-2010-1191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1191"
},
{
"name": "oval:org.mitre.oval:def:14282",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14282"
}
]
}
}
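Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert_us@oracle.com` in this section, and as far as the visible lines show it is the only value that changes; it is easy to miss because the same section also rewrites every key from `"key" : value` to `"key": value` and reorders all of `reference_data`. The old side kept references grouped by `refsource`, while the new order looks arbitrary, so a consumer that diffs records to detect real changes will see the whole list as modified. Emitting `reference_data` in a deterministic order (for example sorted by `refsource`, then `name`) and landing the whitespace normalisation separately from value changes would keep provenance changes like this one reviewable. The sections for CVE-2010-1899, CVE-2010-3700 and CVE-2010-3784 also change `ASSIGNER` under the same reformatting.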


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1899",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka \"IIS Repeated Parameter Request Denial of Service Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-1899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-065",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-065"
},
{
"name" : "oval:org.mitre.oval:def:7127",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7127"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka \"IIS Repeated Parameter Request Denial of Service Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS10-065",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-065"
},
{
"name": "oval:org.mitre.oval:def:7127",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7127"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3700",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101027 CVE-2010-3700: Spring Security bypass of security constraints",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514517/100/0/threaded"
},
{
"name" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015",
"refsource" : "MISC",
"url" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015"
},
{
"name" : "http://www.springsource.com/security/cve-2010-3700",
"refsource" : "CONFIRM",
"url" : "http://www.springsource.com/security/cve-2010-3700"
},
{
"name" : "44496",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44496"
},
{
"name" : "68931",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/68931"
},
{
"name" : "42024",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42024"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44496"
},
{
"name": "42024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42024"
},
{
"name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015",
"refsource": "MISC",
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015"
},
{
"name": "http://www.springsource.com/security/cve-2010-3700",
"refsource": "CONFIRM",
"url": "http://www.springsource.com/security/cve-2010-3700"
},
{
"name": "68931",
"refsource": "OSVDB",
"url": "http://osvdb.org/68931"
},
{
"name": "20101027 CVE-2010-3700: Spring Security bypass of security constraints",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514517/100/0/threaded"
}
]
}
}


@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3775",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-79.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-79.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=589041",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=589041"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=610525",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=610525"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=611897",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=611897"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100124650",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100124650"
},
{
"name" : "DSA-2132",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2132"
},
{
"name" : "FEDORA-2010-18773",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html"
},
{
"name" : "FEDORA-2010-18775",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html"
},
{
"name" : "FEDORA-2010-18890",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
},
{
"name" : "FEDORA-2010-18920",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
},
{
"name" : "MDVSA-2010:251",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251"
},
{
"name" : "RHSA-2010:0966",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0966.html"
},
{
"name" : "RHSA-2010:0967",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0967.html"
},
{
"name" : "SUSE-SA:2011:003",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
},
{
"name" : "USN-1019-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1019-1"
},
{
"name" : "45355",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45355"
},
{
"name" : "oval:org.mitre.oval:def:11666",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11666"
},
{
"name" : "1024848",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024848"
},
{
"name" : "42716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42716"
},
{
"name" : "42818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42818"
},
{
"name" : "ADV-2011-0030",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0030"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=589041",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=589041"
},
{
"name": "SUSE-SA:2011:003",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
},
{
"name": "FEDORA-2010-18775",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html"
},
{
"name": "MDVSA-2010:251",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251"
},
{
"name": "http://support.avaya.com/css/P8/documents/100124650",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100124650"
},
{
"name": "RHSA-2010:0966",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html"
},
{
"name": "USN-1019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1019-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=610525",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=610525"
},
{
"name": "42818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42818"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=611897",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=611897"
},
{
"name": "DSA-2132",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2132"
},
{
"name": "1024848",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024848"
},
{
"name": "FEDORA-2010-18920",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
},
{
"name": "ADV-2011-0030",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0030"
},
{
"name": "RHSA-2010:0967",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0967.html"
},
{
"name": "FEDORA-2010-18890",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
},
{
"name": "oval:org.mitre.oval:def:11666",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11666"
},
{
"name": "42716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42716"
},
{
"name": "FEDORA-2010-18773",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html"
},
{
"name": "45355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45355"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-79.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-79.html"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-3784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4435",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4435"
},
{
"name" : "APPLE-SA-2010-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name" : "1024723",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024723"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024723",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024723"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3979",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf",
"refsource" : "MISC",
"url" : "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf",
"refsource": "MISC",
"url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bank of America application 2.12 for Android stores a security question's answer in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://news.cnet.com/8301-27080_3-20021874-245.html",
"refsource" : "MISC",
"url" : "http://news.cnet.com/8301-27080_3-20021874-245.html"
},
{
"name" : "http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html",
"refsource" : "MISC",
"url" : "http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html"
},
{
"name" : "http://viaforensics.com/appwatchdog/bank-of-america-android.html",
"refsource" : "MISC",
"url" : "http://viaforensics.com/appwatchdog/bank-of-america-android.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bank of America application 2.12 for Android stores a security question's answer in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://viaforensics.com/appwatchdog/bank-of-america-android.html",
"refsource": "MISC",
"url": "http://viaforensics.com/appwatchdog/bank-of-america-android.html"
},
{
"name": "http://news.cnet.com/8301-27080_3-20021874-245.html",
"refsource": "MISC",
"url": "http://news.cnet.com/8301-27080_3-20021874-245.html"
},
{
"name": "http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html",
"refsource": "MISC",
"url": "http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4332",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101215 'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/515314/100/0/threaded"
},
{
"name" : "15740",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15740"
},
{
"name" : "http://www.uncompiled.com/2010/12/pointter-php-content-management-system-unauthorized-privilege-escalation-cve-2010-4332/",
"refsource" : "MISC",
"url" : "http://www.uncompiled.com/2010/12/pointter-php-content-management-system-unauthorized-privilege-escalation-cve-2010-4332/"
},
{
"name" : "42662",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42662"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15740",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15740"
},
{
"name": "42662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42662"
},
{
"name": "20101215 'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515314/100/0/threaded"
},
{
"name": "http://www.uncompiled.com/2010/12/pointter-php-content-management-system-unauthorized-privilege-escalation-cve-2010-4332/",
"refsource": "MISC",
"url": "http://www.uncompiled.com/2010/12/pointter-php-content-management-system-unauthorized-privilege-escalation-cve-2010-4332/"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4521",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101216 CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/12/16/7"
},
{
"name" : "[oss-security] 20101221 Re: CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/12/22/1"
},
{
"name" : "http://drupal.org/node/999380",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/999380"
},
{
"name" : "FEDORA-2010-18927",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052802.html"
},
{
"name" : "FEDORA-2010-19009",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052814.html"
},
{
"name" : "ADV-2011-0011",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0011"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0011",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0011"
},
{
"name": "FEDORA-2010-18927",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052802.html"
},
{
"name": "[oss-security] 20101216 CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/12/16/7"
},
{
"name": "http://drupal.org/node/999380",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/999380"
},
{
"name": "[oss-security] 20101221 Re: CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/12/22/1"
},
{
"name": "FEDORA-2010-19009",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052814.html"
}
]
}
}
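Review bot: The rewritten record still carries `n/a` for `vendor_name`, `product_name`, `version_value` and the `problemtype` value, although its own description names the Views module 6.x before 6.x-2.12 for Drupal and a cross-site scripting flaw. Tooling that matches on the structured `affects` block or on `problemtype` will not find this entry, so the description text is the only source of product, version and weakness class. If the sync can populate them, the structured fields should repeat what the description already states, for example `"vendor_name": "Drupal"` and a `problemtype` value naming cross-site scripting. The other PUBLIC records visible in this part of the commit carry the same placeholders.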


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4564",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4564",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4743",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps before 5.9.13 might allow remote attackers to execute arbitrary code via a crafted ABC file, a different vulnerability than CVE-2010-3441. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014"
},
{
"name" : "http://moinejf.free.fr/abcm2ps-5.txt",
"refsource" : "CONFIRM",
"url" : "http://moinejf.free.fr/abcm2ps-5.txt"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=600729",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=600729"
},
{
"name" : "FEDORA-2011-1092",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054015.html"
},
{
"name" : "FEDORA-2011-1851",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054424.html"
},
{
"name" : "40033",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40033"
},
{
"name" : "43338",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43338"
},
{
"name" : "ADV-2011-0390",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0390"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps before 5.9.13 might allow remote attackers to execute arbitrary code via a crafted ABC file, a different vulnerability than CVE-2010-3441. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40033"
},
{
"name": "FEDORA-2011-1851",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054424.html"
},
{
"name": "ADV-2011-0390",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0390"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=600729",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=600729"
},
{
"name": "43338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43338"
},
{
"name": "FEDORA-2011-1092",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054015.html"
},
{
"name": "http://moinejf.free.fr/abcm2ps-5.txt",
"refsource": "CONFIRM",
"url": "http://moinejf.free.fr/abcm2ps-5.txt"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0170",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://issues.jboss.org/browse/TEIID-2911",
"refsource" : "CONFIRM",
"url" : "https://issues.jboss.org/browse/TEIID-2911"
},
{
"name" : "RHSA-2014:1284",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1284.html"
},
{
"name" : "1030886",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030886"
},
{
"name" : "61530",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61530"
},
{
"name" : "jboss-data-cve20140170-info-disc(96192)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96192"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "jboss-data-cve20140170-info-disc(96192)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96192"
},
{
"name": "61530",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61530"
},
{
"name": "1030886",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030886"
},
{
"name": "https://issues.jboss.org/browse/TEIID-2911",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/TEIID-2911"
},
{
"name": "RHSA-2014:1284",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1284.html"
}
]
}
}
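Review bot: Nothing in the commit record explains why `ASSIGNER` goes from `cve@mitre.org` to `secalert@redhat.com` in this record, and it is the one semantic change in a section whose other lines differ only in separator spacing and `reference_data` order. A consumer that attributes records to a CNA by `ASSIGNER` sees a changed owner with no audit trail; a line in the sync's commit text listing the reassigned IDs would make it reviewable. The same applies to CVE-2010-4521 and CVE-2014-8110 (`secalert@redhat.com`), CVE-2014-4055 and CVE-2014-4057 (`secure@microsoft.com`) and CVE-2014-4790 (`psirt@us.ibm.com`). Because the reference order changed as well, compare parsed records rather than text when checking what a sync altered.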


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4067."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-051",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051"
},
{
"name" : "69128",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69128"
},
{
"name" : "1030715",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030715"
},
{
"name" : "60670",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60670"
},
{
"name" : "ms-ie-cve20144055-code-exec(94987)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94987"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4067."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ms-ie-cve20144055-code-exec(94987)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94987"
},
{
"name": "1030715",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030715"
},
{
"name": "69128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69128"
},
{
"name": "MS14-051",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051"
},
{
"name": "60670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60670"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4057",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, and CVE-2014-2823."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-051",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051"
},
{
"name" : "69130",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69130"
},
{
"name" : "1030715",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030715"
},
{
"name" : "60670",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60670"
},
{
"name" : "ms-ie-cve20144057-code-exec(94989)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94989"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, and CVE-2014-2823."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030715",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030715"
},
{
"name": "MS14-051",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051"
},
{
"name": "69130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69130"
},
{
"name": "60670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60670"
},
{
"name": "ms-ie-cve20144057-code-exec(94989)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94989"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4790",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680665",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681277",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
},
{
"name" : "60480",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60480"
},
{
"name" : "60481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60481"
},
{
"name" : "ibm-emportis-cve20144790-phishing(93195)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93195"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60480"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
},
{
"name": "ibm-emportis-cve20144790-phishing(93195)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93195"
},
{
"name": "60481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60481"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8050",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8050",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8110",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150205 [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q1/427"
},
{
"name" : "http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt",
"refsource" : "CONFIRM",
"url" : "http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt"
},
{
"name" : "72511",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72511"
},
{
"name" : "62649",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62649"
},
{
"name" : "apache-activemq-cve20148110-xss(100724)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100724"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150205 [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/427"
},
{
"name": "72511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72511"
},
{
"name": "62649",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62649"
},
{
"name": "apache-activemq-cve20148110-xss(100724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100724"
},
{
"name": "http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt",
"refsource": "CONFIRM",
"url": "http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8507",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141126 CVE-2014-8507 Android < 5.0 SQL injection vulnerability in WAPPushManager",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Nov/86"
},
{
"name" : "http://packetstormsecurity.com/files/129283/Android-WAPPushManager-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129283/Android-WAPPushManager-SQL-Injection.html"
},
{
"name" : "http://xteam.baidu.com/?p=167",
"refsource" : "MISC",
"url" : "http://xteam.baidu.com/?p=167"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/base/+/48ed835468c6235905459e6ef7df032baf3e4df6",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/base/+/48ed835468c6235905459e6ef7df032baf3e4df6"
},
{
"name" : "71310",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71310"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141126 CVE-2014-8507 Android < 5.0 SQL injection vulnerability in WAPPushManager",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/86"
},
{
"name": "https://android.googlesource.com/platform/frameworks/base/+/48ed835468c6235905459e6ef7df032baf3e4df6",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/base/+/48ed835468c6235905459e6ef7df032baf3e4df6"
},
{
"name": "http://packetstormsecurity.com/files/129283/Android-WAPPushManager-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129283/Android-WAPPushManager-SQL-Injection.html"
},
{
"name": "http://xteam.baidu.com/?p=167",
"refsource": "MISC",
"url": "http://xteam.baidu.com/?p=167"
},
{
"name": "71310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71310"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8957",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/130723/OpenKM-Stored-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130723/OpenKM-Stored-Cross-Site-Scripting.html"
},
{
"name" : "https://www.youtube.com/watch?v=3jBQFAAq23k&feature=youtu.be",
"refsource" : "MISC",
"url" : "https://www.youtube.com/watch?v=3jBQFAAq23k&feature=youtu.be"
},
{
"name" : "73012",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73012"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73012"
},
{
"name": "https://www.youtube.com/watch?v=3jBQFAAq23k&feature=youtu.be",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=3jBQFAAq23k&feature=youtu.be"
},
{
"name": "http://packetstormsecurity.com/files/130723/OpenKM-Stored-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130723/OpenKM-Stored-Cross-Site-Scripting.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9127",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9127",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9287",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-9287",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9342",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141202 F5 BIGIP - (OLD!) Persistent XSS in ASM Module",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534137/100/0/threaded"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141202 F5 BIGIP - (OLD!) Persistent XSS in ASM Module",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534137/100/0/threaded"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9610",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37929",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37929/"
},
{
"name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html"
},
{
"name": "37929",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37929/"
}
]
}
}


@ -1,128 +1,128 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2016-12-20T00:00:00",
"ID" : "CVE-2016-2161",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache HTTP Server",
"version" : {
"version_data" : [
{
"version_value" : "2.4.0 to 2.4.23"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use of Out-of-range Pointer Offset (CWE-823)"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2016-12-20T00:00:00",
"ID": "CVE-2016-2161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.4.0 to 2.4.23"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-2161",
"refsource" : "CONFIRM",
"url" : "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-2161"
},
{
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us"
},
{
"name" : "https://www.tenable.com/security/tns-2017-04",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2017-04"
},
{
"name" : "https://support.apple.com/HT208221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208221"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180423-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180423-0001/"
},
{
"name" : "DSA-3796",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3796"
},
{
"name" : "GLSA-201701-36",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-36"
},
{
"name" : "RHSA-2017:0906",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0906"
},
{
"name" : "RHSA-2017:1161",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1161"
},
{
"name" : "RHSA-2017:1413",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name" : "RHSA-2017:1414",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"name" : "RHSA-2017:1415",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name" : "95076",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95076"
},
{
"name" : "1037508",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037508"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Out-of-range Pointer Offset (CWE-823)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name": "95076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95076"
},
{
"name": "DSA-3796",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3796"
},
{
"name": "1037508",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037508"
},
{
"name": "RHSA-2017:1413",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name": "RHSA-2017:1161",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
},
{
"name": "https://www.tenable.com/security/tns-2017-04",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name": "RHSA-2017:1414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us"
},
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-2161",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-2161"
},
{
"name": "RHSA-2017:1415",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name": "RHSA-2017:0906",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0906"
},
{
"name": "GLSA-201701-36",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-36"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180423-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2433",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000038167",
"refsource" : "CONFIRM",
"url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000038167"
},
{
"name" : "98034",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98034"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98034"
},
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038167",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038167"
}
]
}
}
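Review bot: The `ASSIGNER` value differs between the two printed copies of this record, `"ASSIGNER" : "cve@mitre.org"` in the first and `"ASSIGNER": "security@android.com"` in the second, while the rest of the section appears to change only separator spacing and the order of `reference_data`. The page carries no +/- markers, so reading the second copy as the new side is an inference. If that reading is right, this is a provenance change buried in formatting churn, and it would be easier to audit in a change separate from the whitespace normalization or named in the commit description. The CVE-2016-3465 section (`"ASSIGNER": "secalert_us@oracle.com"`) and the CVE-2016-3763 section (`"ASSIGNER": "security@android.com"`) show the same pattern. Consumers that attribute or filter records by `ASSIGNER` should treat these three as data changes rather than formatting.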


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3465",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name" : "1035629",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035629"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035629",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035629"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3763",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, aka internal bug 27593919."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/base/+/ec2fc50d202d975447211012997fe425496c849c",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/base/+/ec2fc50d202d975447211012997fe425496c849c"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, aka internal bug 27593919."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/base/+/ec2fc50d202d975447211012997fe425496c849c",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/base/+/ec2fc50d202d975447211012997fe425496c849c"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3817",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-3817",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3943",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39671",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39671/"
},
{
"name" : "20160406 Panda Security Multiple Business Products - Privilege Escalation",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Apr/24"
},
{
"name" : "http://packetstormsecurity.com/files/136606/Panda-Endpoint-Administration-Agent-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/136606/Panda-Endpoint-Administration-Agent-Privilege-Escalation.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39671",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39671/"
},
{
"name": "20160406 Panda Security Multiple Business Products - Privilege Escalation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Apr/24"
},
{
"name": "http://packetstormsecurity.com/files/136606/Panda-Endpoint-Administration-Agent-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136606/Panda-Endpoint-Administration-Agent-Privilege-Escalation.html"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10149",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10149"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10149",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10149"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3984",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39531",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39531/"
},
{
"name" : "20160304 McAfee VirusScan Enterprise security restrictions bypass",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Mar/13"
},
{
"name" : "http://lab.mediaservice.net/advisory/2016-01-mcafee.txt",
"refsource" : "MISC",
"url" : "http://lab.mediaservice.net/advisory/2016-01-mcafee.txt"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10151",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10151"
},
{
"name" : "1035130",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035130"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160304 McAfee VirusScan Enterprise security restrictions bypass",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Mar/13"
},
{
"name": "http://lab.mediaservice.net/advisory/2016-01-mcafee.txt",
"refsource": "MISC",
"url": "http://lab.mediaservice.net/advisory/2016-01-mcafee.txt"
},
{
"name": "39531",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39531/"
},
{
"name": "1035130",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035130"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10151",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10151"
}
]
}
}


@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6123",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Kenexa LMS on Cloud",
"version" : {
"version_data" : [
{
"version_value" : "13.0"
},
{
"version_value" : "13.1"
},
{
"version_value" : "13.2"
},
{
"version_value" : "13.2.2"
},
{
"version_value" : "13.2.3"
},
{
"version_value" : "13.2.4"
},
{
"version_value" : "14.0.0"
},
{
"version_value" : "14.1.0"
},
{
"version_value" : "14.2.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kenexa LMS on Cloud",
"version": {
"version_data": [
{
"version_value": "13.0"
},
{
"version_value": "13.1"
},
{
"version_value": "13.2"
},
{
"version_value": "13.2.2"
},
{
"version_value": "13.2.3"
},
{
"version_value": "13.2.4"
},
{
"version_value": "14.0.0"
},
{
"version_value": "14.1.0"
},
{
"version_value": "14.2.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21993982",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21993982"
},
{
"name" : "94305",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94305"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94305"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21993982",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993982"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6282",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6282",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-6357",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco AsyncOS through 9.9.6-026",
"version" : {
"version_data" : [
{
"version_value" : "Cisco AsyncOS through 9.9.6-026"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco AsyncOS through 9.9.6-026",
"version": {
"version_data": [
{
"version_value": "Cisco AsyncOS through 9.9.6-026"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5"
},
{
"name" : "93909",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93909"
},
{
"name" : "1037114",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037114"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5"
},
{
"name": "93909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93909"
},
{
"name": "1037114",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037114"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6535",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#667480",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/667480"
},
{
"name" : "92936",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92936"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#667480",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/667480"
},
{
"name": "92936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92936"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6786",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b"
},
{
"name" : "http://source.android.com/security/bulletin/2016-12-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1403842",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1403842"
},
{
"name" : "https://github.com/torvalds/linux/commit/f63a8daa5812afef4f06c962351687e1ff9ccb2b",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/f63a8daa5812afef4f06c962351687e1ff9ccb2b"
},
{
"name" : "DSA-3791",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3791"
},
{
"name" : "94679",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94679"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b"
},
{
"name": "https://github.com/torvalds/linux/commit/f63a8daa5812afef4f06c962351687e1ff9ccb2b",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/f63a8daa5812afef4f06c962351687e1ff9ccb2b"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1403842",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403842"
},
{
"name": "94679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94679"
},
{
"name": "DSA-3791",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3791"
},
{
"name": "http://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-12-01.html"
}
]
}
}
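Review bot: `ASSIGNER` changes from `cve@mitre.org` to `security@android.com` in this record, the one value change in a section that otherwise only normalises `" : "` to `": "` and reorders `reference_data`, and the commit description does not mention it. Assuming the second printing of each line is the new side, tooling that attributes records to a CNA by `ASSIGNER` will see CVE-2016-6786 move from MITRE to Android, so the reassignment deserves a line in the commit message. The CVE-2016-7395 section has the same kind of change (`cve@mitre.org` to `security@google.com`). The reference entries are also reordered here, so consumers should match on `refsource`/`url` rather than on array position in `reference_data`.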


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7108",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en"
},
{
"name" : "92619",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92619"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en"
},
{
"name": "92619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92619"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7395",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-7395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://codereview.chromium.org/2006143009",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/2006143009"
},
{
"name" : "https://crbug.com/613918",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/613918"
},
{
"name" : "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"refsource" : "CONFIRM",
"url" : "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"name" : "DSA-3667",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3667"
},
{
"name" : "92717",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92717"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/613918",
"refsource": "CONFIRM",
"url": "https://crbug.com/613918"
},
{
"name": "DSA-3667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"name": "92717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92717"
},
{
"name": "https://codereview.chromium.org/2006143009",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/2006143009"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "f5sirt@f5.com",
"ID" : "CVE-2016-7476",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, WebSafe",
"version" : {
"version_data" : [
{
"version_value" : "11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, 11.3.0 before 11.4.1 HF10"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. Remote attackers may cause a denial of service (DoS) by way of a crafted TCP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Traffic Management Microkernel (TMM) memory leak"
}
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2016-7476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, WebSafe",
"version": {
"version_data": [
{
"version_value": "11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, 11.3.0 before 11.4.1 HF10"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/#/article/K87416818",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/#/article/K87416818"
},
{
"name" : "94353",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94353"
},
{
"name" : "1037274",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037274"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. Remote attackers may cause a denial of service (DoS) by way of a crafted TCP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Traffic Management Microkernel (TMM) memory leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037274",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037274"
},
{
"name": "https://support.f5.com/csp/#/article/K87416818",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/#/article/K87416818"
},
{
"name": "94353",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94353"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7588",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"CoreMedia Playback\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted MP4 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207422",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207422"
},
{
"name" : "https://support.apple.com/HT207423",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207423"
},
{
"name" : "https://support.apple.com/HT207487",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207487"
},
{
"name" : "94905",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94905"
},
{
"name" : "1037469",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037469"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"CoreMedia Playback\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted MP4 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207487",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207487"
},
{
"name": "https://support.apple.com/HT207422",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207422"
},
{
"name": "94905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94905"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7617",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40952",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40952/"
},
{
"name" : "https://support.apple.com/HT207423",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207423"
},
{
"name" : "94903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94903"
},
{
"name" : "1037469",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037469"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "40952",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40952/"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}
}