admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:54:59 +00:00
parent 67bea184e8
commit 1274c1b3d2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3875 additions and 3875 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2006/0xxx/CVE-2006-0204.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0204", "ID": "CVE-2006-0204",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the \"Course name\" field in index.php when the frm parameter has the value \"mine\" and (2) possibly certain other fields in unspecified scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060112 [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/421746/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the \"Course name\" field in index.php when the frm parameter has the value \"mine\" and (2) possibly certain other fields in unspecified scripts."
{ }
"name" : "http://evuln.com/vulns/28/summary.html", ]
"refsource" : "MISC", },
"url" : "http://evuln.com/vulns/28/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16227", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16227" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0185", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0185" ]
}, },
{ "references": {
"name" : "22359", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22359" "name": "ADV-2006-0185",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0185"
"name" : "18440", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18440" "name": "wordcircle-index-xss(24106)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24106"
"name" : "345", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/345" "name": "22359",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22359"
"name" : "wordcircle-index-xss(24106)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24106" "name": "345",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/345"
} },
} {
"name": "18440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18440"
},
{
"name": "16227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16227"
},
{
"name": "http://evuln.com/vulns/28/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/28/summary.html"
},
{
"name": "20060112 [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421746/100/0/threaded"
}
]
}
}

220
2006/0xxx/CVE-2006-0338.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0338", "ID": "CVE-2006-0338",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.f-secure.com/security/fsc-2006-1.shtml", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.f-secure.com/security/fsc-2006-1.shtml" "lang": "eng",
}, "value": "Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned."
{ }
"name" : "Q-103", ]
"refsource" : "CIAC", },
"url" : "http://www.ciac.org/ciac/bulletins/q-103.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16309", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16309" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0257", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0257" ]
}, },
{ "references": {
"name" : "22633", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22633" "name": "http://www.f-secure.com/security/fsc-2006-1.shtml",
}, "refsource": "CONFIRM",
{ "url": "http://www.f-secure.com/security/fsc-2006-1.shtml"
"name" : "1015507", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015507" "name": "fsecure-rar-zip-scan-bypass(24199)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24199"
"name" : "1015508", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015508" "name": "1015510",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015510"
"name" : "1015509", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015509" "name": "18529",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18529"
"name" : "1015510", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015510" "name": "22633",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22633"
"name" : "18529", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18529" "name": "1015509",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015509"
"name" : "fsecure-rar-zip-scan-bypass(24199)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24199" "name": "16309",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/16309"
} },
} {
"name": "Q-103",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/q-103.shtml"
},
{
"name": "1015508",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015508"
},
{
"name": "1015507",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015507"
},
{
"name": "ADV-2006-0257",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0257"
}
]
}
}

140
2006/0xxx/CVE-2006-0858.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0858", "ID": "CVE-2006-0858",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a malicious \"program\" file in the C: folder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060219 [TZO-062006] Safe'nVulnerable", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/425504/100/0/threaded" "lang": "eng",
}, "value": "Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a malicious \"program\" file in the C: folder."
{ }
"name" : "http://secdev.zoller.lu/research/safnsec.htm", ]
"refsource" : "MISC", },
"url" : "http://secdev.zoller.lu/research/safnsec.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16762", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16762" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "16762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16762"
},
{
"name": "20060219 [TZO-062006] Safe'nVulnerable",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425504/100/0/threaded"
},
{
"name": "http://secdev.zoller.lu/research/safnsec.htm",
"refsource": "MISC",
"url": "http://secdev.zoller.lu/research/safnsec.htm"
}
]
}
}

150
2006/0xxx/CVE-2006-0956.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0956", "ID": "CVE-2006-0956",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nuauth in NuFW before 1.0.21 does not properly handle blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.nufw.org/+NuFW-1-21-minor-security-fix+.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.nufw.org/+NuFW-1-21-minor-security-fix+.html" "lang": "eng",
}, "value": "nuauth in NuFW before 1.0.21 does not properly handle blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server."
{ }
"name" : "16868", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16868" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0762", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0762" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19046", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/19046" ]
} },
] "references": {
} "reference_data": [
} {
"name": "ADV-2006-0762",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0762"
},
{
"name": "19046",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19046"
},
{
"name": "http://www.nufw.org/+NuFW-1-21-minor-security-fix+.html",
"refsource": "CONFIRM",
"url": "http://www.nufw.org/+NuFW-1-21-minor-security-fix+.html"
},
{
"name": "16868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16868"
}
]
}
}

140
2006/1xxx/CVE-2006-1029.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1029", "ID": "CVE-2006-1029",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using \"<<>AAA<><>\", possibly due to nested or empty tags."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060302 JOOMLA CMS 1.0.7 DoS & path disclosing", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/426538/100/0/threaded" "lang": "eng",
}, "value": "The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using \"<<>AAA<><>\", possibly due to nested or empty tags."
{ }
"name" : "http://www.joomla.org/content/view/938/78/", ]
"refsource" : "MISC", },
"url" : "http://www.joomla.org/content/view/938/78/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "23816", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/23816" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20060302 JOOMLA CMS 1.0.7 DoS & path disclosing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426538/100/0/threaded"
},
{
"name": "23816",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23816"
},
{
"name": "http://www.joomla.org/content/view/938/78/",
"refsource": "MISC",
"url": "http://www.joomla.org/content/view/938/78/"
}
]
}
}

150
2006/1xxx/CVE-2006-1791.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1791", "ID": "CVE-2006-1791",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060412 QuickBlogger v1.4 Cross-Site Scripting", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/430878/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails."
{ }
"name" : "20060414 Re: QuickBlogger v1.4 Cross-Site Scripting", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/431059/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15942", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15942" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "quickblogger-acc-xss(25795)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25795" ]
} },
] "references": {
} "reference_data": [
} {
"name": "quickblogger-acc-xss(25795)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25795"
},
{
"name": "20060414 Re: QuickBlogger v1.4 Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431059/100/0/threaded"
},
{
"name": "15942",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15942"
},
{
"name": "20060412 QuickBlogger v1.4 Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430878/100/0/threaded"
}
]
}
}

140
2006/3xxx/CVE-2006-3115.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2006-3115", "ID": "CVE-2006-3115",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://secunia.com/secunia_research/2006-47/advisory/", "description_data": [
"refsource" : "MISC", {
"url" : "http://secunia.com/secunia_research/2006-47/advisory/" "lang": "eng",
}, "value": "SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id parameter."
{ }
"name" : "20200", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/20200" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "phpraid-view-sql-injection(27457)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27457" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2006-47/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-47/advisory/"
},
{
"name": "phpraid-view-sql-injection(27457)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27457"
},
{
"name": "20200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20200"
}
]
}
}

200
2006/3xxx/CVE-2006-3749.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3749", "ID": "CVE-2006-3749",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap component (com_sitemap) 2.0.0 for Mambo 4.5.1 CMS, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060712 [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0180.html" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap component (com_sitemap) 2.0.0 for Mambo 4.5.1 CMS, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
{ }
"name" : "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt", ]
"refsource" : "MISC", },
"url" : "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2028", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2028" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18991", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/18991" ]
}, },
{ "references": {
"name" : "24592", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24592" "name": "20060712 [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0180.html"
"name" : "ADV-2006-2803", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2803" "name": "21055",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21055"
"name" : "21055", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21055" "name": "sitemap-sitemapxml-file-include(27723)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27723"
"name" : "1249", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1249" "name": "18991",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18991"
"name" : "sitemap-sitemapxml-file-include(27723)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27723" "name": "24592",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/24592"
} },
} {
"name": "1249",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1249"
},
{
"name": "2028",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2028"
},
{
"name": "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt"
},
{
"name": "ADV-2006-2803",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2803"
}
]
}
}

150
2006/4xxx/CVE-2006-4157.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4157", "ID": "CVE-2006-4157",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060810 Yabb XSS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/442817/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter."
{ }
"name" : "19460", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19460" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1016684", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016684" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "yabb-index-script-xss(28324)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28324" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20060810 Yabb XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442817/100/0/threaded"
},
{
"name": "19460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19460"
},
{
"name": "1016684",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016684"
},
{
"name": "yabb-index-script-xss(28324)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28324"
}
]
}
}

150
2006/4xxx/CVE-2006-4199.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4199", "ID": "CVE-2006-4199",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page, a different vulnerability than CVE-2004-1512."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.soft3304.net/04WebServer/Security.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.soft3304.net/04WebServer/Security.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page, a different vulnerability than CVE-2004-1512."
{ }
"name" : "19496", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19496" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "21504", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21504" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "04webserver-error-page-xss(28354)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28354" ]
} },
] "references": {
} "reference_data": [
} {
"name": "19496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19496"
},
{
"name": "http://www.soft3304.net/04WebServer/Security.html",
"refsource": "CONFIRM",
"url": "http://www.soft3304.net/04WebServer/Security.html"
},
{
"name": "04webserver-error-page-xss(28354)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28354"
},
{
"name": "21504",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21504"
}
]
}
}

380
2006/4xxx/CVE-2006-4519.json
View File

@ -1,192 +1,192 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4519", "ID": "CVE-2006-4519",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070709 Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551" "lang": "eng",
}, "value": "Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files."
{ }
"name" : "20070801 FLEA-2007-0038-1 gimp", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/475257/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugzilla.gnome.org/show_bug.cgi?id=451379", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugzilla.gnome.org/show_bug.cgi?id=451379" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://developer.gimp.org/NEWS-2.2", ]
"refsource" : "CONFIRM", }
"url" : "http://developer.gimp.org/NEWS-2.2" ]
}, },
{ "references": {
"name" : "http://issues.foresightlinux.org/browse/FL-457", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://issues.foresightlinux.org/browse/FL-457" "name": "26132",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26132"
"name" : "DSA-1335", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2007/dsa-1335" "name": "ADV-2007-2471",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2471"
"name" : "GLSA-200707-09", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200707-09.xml" "name": "20070801 FLEA-2007-0038-1 gimp",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/475257/100/0/threaded"
"name" : "MDKSA-2007:170", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:170" "name": "gimp-plugins-code-execution(35308)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35308"
"name" : "RHSA-2007:0513", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0513.html" "name": "42139",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/42139"
"name" : "USN-494-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-494-1" "name": "GLSA-200707-09",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200707-09.xml"
"name" : "24835", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24835" "name": "oval:org.mitre.oval:def:10842",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842"
"name" : "42139", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/42139" "name": "26240",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26240"
"name" : "42140", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/42140" "name": "26575",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26575"
"name" : "42141", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/42141" "name": "42140",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/42140"
"name" : "42142", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/42142" "name": "USN-494-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-494-1"
"name" : "42143", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/42143" "name": "http://bugzilla.gnome.org/show_bug.cgi?id=451379",
}, "refsource": "CONFIRM",
{ "url": "http://bugzilla.gnome.org/show_bug.cgi?id=451379"
"name" : "42144", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/42144" "name": "http://developer.gimp.org/NEWS-2.2",
}, "refsource": "CONFIRM",
{ "url": "http://developer.gimp.org/NEWS-2.2"
"name" : "42145", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/42145" "name": "RHSA-2007:0513",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2007-0513.html"
"name" : "oval:org.mitre.oval:def:10842", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842" "name": "20070709 Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities",
}, "refsource": "IDEFENSE",
{ "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551"
"name" : "ADV-2007-2471", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2471" "name": "42143",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/42143"
"name" : "1018349", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018349" "name": "42145",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/42145"
"name" : "26132", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26132" "name": "24835",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/24835"
"name" : "26215", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26215" "name": "26215",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26215"
"name" : "26240", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26240" "name": "1018349",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018349"
"name" : "26575", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26575" "name": "42144",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/42144"
"name" : "26939", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26939" "name": "MDKSA-2007:170",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:170"
"name" : "gimp-plugins-code-execution(35308)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35308" "name": "42141",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/42141"
} },
} {
"name": "DSA-1335",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1335"
},
{
"name": "26939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26939"
},
{
"name": "42142",
"refsource": "OSVDB",
"url": "http://osvdb.org/42142"
},
{
"name": "http://issues.foresightlinux.org/browse/FL-457",
"refsource": "CONFIRM",
"url": "http://issues.foresightlinux.org/browse/FL-457"
}
]
}
}

270
2006/4xxx/CVE-2006-4808.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-4808", "ID": "CVE-2006-4808",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz" "lang": "eng",
}, "value": "Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image."
{ }
"name" : "GLSA-200612-20", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-200612-20.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDKSA-2006:198", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2007:156", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156" ]
}, },
{ "references": {
"name" : "SUSE-SR:2006:026", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_26_sr.html" "name": "imlib2-loadertgac-bo(30068)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30068"
"name" : "USN-376-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-376-1" "name": "22932",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22932"
"name" : "USN-376-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-376-2" "name": "MDKSA-2007:156",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156"
"name" : "20903", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20903" "name": "22752",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22752"
"name" : "ADV-2006-4349", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4349" "name": "MDKSA-2006:198",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198"
"name" : "30103", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/30103" "name": "SUSE-SR:2006:026",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
"name" : "22732", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22732" "name": "20903",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/20903"
"name" : "22744", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22744" "name": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz",
}, "refsource": "MISC",
{ "url": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz"
"name" : "22752", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22752" "name": "USN-376-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-376-2"
"name" : "23441", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23441" "name": "GLSA-200612-20",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200612-20.xml"
"name" : "22932", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22932" "name": "ADV-2006-4349",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4349"
"name" : "imlib2-loadertgac-bo(30068)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30068" "name": "23441",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/23441"
} },
} {
"name": "30103",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30103"
},
{
"name": "22732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22732"
},
{
"name": "22744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22744"
},
{
"name": "USN-376-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-376-1"
}
]
}
}

200
2010/2xxx/CVE-2010-2238.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-2238", "ID": "CVE-2010-2238",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://libvirt.org/news.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://libvirt.org/news.html" "lang": "eng",
}, "value": "Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=607811", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=607811" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2010-10960", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2010-11021", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html" ]
}, },
{ "references": {
"name" : "SUSE-SR:2010:017", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" "name": "FEDORA-2010-10960",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
"name" : "USN-1008-1", },
"refsource" : "UBUNTU", {
"url" : "http://ubuntu.com/usn/usn-1008-1" "name": "USN-1008-2",
}, "refsource": "UBUNTU",
{ "url": "http://ubuntu.com/usn/usn-1008-2"
"name" : "USN-1008-2", },
"refsource" : "UBUNTU", {
"url" : "http://ubuntu.com/usn/usn-1008-2" "name": "FEDORA-2010-11021",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
"name" : "USN-1008-3", },
"refsource" : "UBUNTU", {
"url" : "http://ubuntu.com/usn/usn-1008-3" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=607811",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607811"
"name" : "ADV-2010-2763", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2763" "name": "http://libvirt.org/news.html",
} "refsource": "MISC",
] "url": "http://libvirt.org/news.html"
} },
} {
"name": "USN-1008-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "USN-1008-3",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"name": "ADV-2010-2763",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2763"
}
]
}
}

190
2010/2xxx/CVE-2010-2301.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2301", "ID": "CVE-2010-2301",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=43902", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=43902" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762."
{ }
"name" : "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.webkit.org/show_bug.cgi?id=38922", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.webkit.org/show_bug.cgi?id=38922" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SR:2011:002", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:11861", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11861" "name": "43068",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43068"
"name" : "40072", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40072" "name": "http://code.google.com/p/chromium/issues/detail?id=43902",
}, "refsource": "CONFIRM",
{ "url": "http://code.google.com/p/chromium/issues/detail?id=43902"
"name" : "43068", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43068" "name": "ADV-2011-0212",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0212"
"name" : "ADV-2011-0212", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0212" "name": "40072",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/40072"
} },
} {
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "https://bugs.webkit.org/show_bug.cgi?id=38922",
"refsource": "CONFIRM",
"url": "https://bugs.webkit.org/show_bug.cgi?id=38922"
},
{
"name": "oval:org.mitre.oval:def:11861",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11861"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html"
}
]
}
}

130
2010/2xxx/CVE-2010-2336.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2336", "ID": "CVE-2010-2336",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "13845", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/13845" "lang": "eng",
}, "value": "index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter."
{ }
"name" : "http://www.yamamah.org/home/?page=39", ]
"refsource" : "MISC", },
"url" : "http://www.yamamah.org/home/?page=39" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13845",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13845"
},
{
"name": "http://www.yamamah.org/home/?page=39",
"refsource": "MISC",
"url": "http://www.yamamah.org/home/?page=39"
}
]
}
}

230
2010/2xxx/CVE-2010-2762.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2762", "ID": "CVE-2010-2762",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html" "lang": "eng",
}, "value": "The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=584180", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=584180" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "description": [
"refsource" : "CONFIRM", {
"url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.avaya.com/css/P8/documents/100112690", ]
"refsource" : "CONFIRM", }
"url" : "http://support.avaya.com/css/P8/documents/100112690" ]
}, },
{ "references": {
"name" : "MDVSA-2010:173", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=584180",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=584180"
"name" : "SUSE-SA:2010:049", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" "name": "SUSE-SA:2010:049",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html"
"name" : "43092", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/43092" "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox",
}, "refsource": "CONFIRM",
{ "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"
"name" : "oval:org.mitre.oval:def:11492", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492" "name": "http://support.avaya.com/css/P8/documents/100112690",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/css/P8/documents/100112690"
"name" : "42867", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42867" "name": "42867",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42867"
"name" : "ADV-2010-2323", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2323" "name": "ADV-2011-0061",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0061"
"name" : "ADV-2011-0061", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0061" "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html"
"name" : "firefox-sjow-code-exec(61656)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61656" "name": "MDVSA-2010:173",
} "refsource": "MANDRIVA",
] "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173"
} },
} {
"name": "ADV-2010-2323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2323"
},
{
"name": "firefox-sjow-code-exec(61656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61656"
},
{
"name": "43092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43092"
},
{
"name": "oval:org.mitre.oval:def:11492",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492"
}
]
}
}

200
2010/2xxx/CVE-2010-2786.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-2786", "ID": "CVE-2010-2786",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows remote attackers to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100728 CVE Request: Piwik < 0.6.4 Arbitrary file inclusion", "description_data": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=oss-security&m=128032989120346&w=2" "lang": "eng",
}, "value": "Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows remote attackers to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request."
{ }
"name" : "[oss-security] 20100729 Re: CVE Request: Piwik < 0.6.4 Arbitrary file inclusion", ]
"refsource" : "MLIST", },
"url" : "http://marc.info/?l=oss-security&m=128041221832498&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://piwik.org/changelog/", ]
"refsource" : "CONFIRM", }
"url" : "http://piwik.org/changelog/" ]
}, },
{ "references": {
"name" : "42031", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/42031" "name": "http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/",
}, "refsource": "CONFIRM",
{ "url": "http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/"
"name" : "66759", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/66759" "name": "http://piwik.org/changelog/",
}, "refsource": "CONFIRM",
{ "url": "http://piwik.org/changelog/"
"name" : "40703", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40703" "name": "[oss-security] 20100729 Re: CVE Request: Piwik < 0.6.4 Arbitrary file inclusion",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=oss-security&m=128041221832498&w=2"
"name" : "ADV-2010-1971", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1971" "name": "66759",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/66759"
"name" : "piwik-data-renderer-file-include(60808)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60808" "name": "ADV-2010-1971",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2010/1971"
} },
} {
"name": "[oss-security] 20100728 CVE Request: Piwik < 0.6.4 Arbitrary file inclusion",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128032989120346&w=2"
},
{
"name": "42031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42031"
},
{
"name": "piwik-data-renderer-file-include(60808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60808"
},
{
"name": "40703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40703"
}
]
}
}

160
2010/2xxx/CVE-2010-2864.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2010-2864", "ID": "CVE-2010-2864",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C6 of a certain file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2864", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/513334/100/0/threaded" "lang": "eng",
}, "value": "IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C6 of a certain file."
{ }
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:11913", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11913" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1024361", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1024361" ]
}, },
{ "references": {
"name" : "ADV-2010-2176", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2176" "name": "1024361",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1024361"
} },
} {
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2864",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513334/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:11913",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11913"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}

410
2010/3xxx/CVE-2010-3089.json
View File

@ -1,207 +1,207 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-3089", "ID": "CVE-2010-3089",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[mailman-announce] 20100905 Mailman security patch.", "description_data": [
"refsource" : "MLIST", {
"url" : "http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field."
{ }
"name" : "[mailman-announce] 20100909 Mailman security patch.", ]
"refsource" : "MLIST", },
"url" : "http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20100913 CVE Request: mailman", "description": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=oss-security&m=128438736513097&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20100913 Re: CVE Request: mailman", ]
"refsource" : "MLIST", }
"url" : "http://marc.info/?l=oss-security&m=128441369020123&w=2" ]
}, },
{ "references": {
"name" : "[oss-security] 20100913 Re: CVE Request: mailman", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=oss-security&m=128441237618793&w=2" "name": "[oss-security] 20100913 CVE Request: mailman",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=oss-security&m=128438736513097&w=2"
"name" : "[oss-security] 20100913 Re: CVE Request: mailman", },
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=oss-security&m=128441135117819&w=2" "name": "RHSA-2011:0307",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"
"name" : "[oss-security] 20100913 Re: CVE Request: mailman", },
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=oss-security&m=128440851513718&w=2" "name": "[oss-security] 20100913 Re: CVE Request: mailman",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=oss-security&m=128441369020123&w=2"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=631859", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=631859" "name": "FEDORA-2010-14877",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=631881", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=631881" "name": "43294",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43294"
"name" : "https://launchpad.net/mailman/+milestone/2.1.14rc1", },
"refsource" : "CONFIRM", {
"url" : "https://launchpad.net/mailman/+milestone/2.1.14rc1" "name": "SUSE-SR:2011:009",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
"name" : "http://support.apple.com/kb/HT4581", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4581" "name": "ADV-2011-0460",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0460"
"name" : "APPLE-SA-2011-03-21-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" "name": "openSUSE-SU-2011:0424",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html"
"name" : "DSA-2170", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2170" "name": "DSA-2170",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2170"
"name" : "FEDORA-2010-14834", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html" "name": "FEDORA-2010-14834",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html"
"name" : "FEDORA-2010-14877", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html" "name": "42502",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42502"
"name" : "RHSA-2011:0307", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0307.html" "name": "[oss-security] 20100913 Re: CVE Request: mailman",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=oss-security&m=128441135117819&w=2"
"name" : "RHSA-2011:0308", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0308.html" "name": "https://launchpad.net/mailman/+milestone/2.1.14rc1",
}, "refsource": "CONFIRM",
{ "url": "https://launchpad.net/mailman/+milestone/2.1.14rc1"
"name" : "SUSE-SR:2011:009", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" "name": "USN-1069-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1069-1"
"name" : "openSUSE-SU-2011:0424", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html" "name": "RHSA-2011:0308",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0308.html"
"name" : "USN-1069-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1069-1" "name": "APPLE-SA-2011-03-21-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
"name" : "41265", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41265" "name": "[oss-security] 20100913 Re: CVE Request: mailman",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=oss-security&m=128440851513718&w=2"
"name" : "42502", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42502" "name": "41265",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41265"
"name" : "43294", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43294" "name": "ADV-2011-0436",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0436"
"name" : "43425", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43425" "name": "[mailman-announce] 20100909 Mailman security patch.",
}, "refsource": "MLIST",
{ "url": "http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html"
"name" : "43549", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43549" "name": "ADV-2010-3271",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3271"
"name" : "43580", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43580" "name": "[oss-security] 20100913 Re: CVE Request: mailman",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=oss-security&m=128441237618793&w=2"
"name" : "ADV-2010-3271", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3271" "name": "43425",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43425"
"name" : "ADV-2011-0436", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0436" "name": "ADV-2011-0542",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0542"
"name" : "ADV-2011-0460", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0460" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=631881",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=631881"
"name" : "ADV-2011-0542", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0542" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=631859",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=631859"
} },
} {
"name": "43580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43580"
},
{
"name": "[mailman-announce] 20100905 Mailman security patch.",
"refsource": "MLIST",
"url": "http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html"
},
{
"name": "43549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43549"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
}
]
}
}

120
2010/3xxx/CVE-2010-3485.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3485", "ID": "CVE-2010-3485",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41502", "description_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41502" "lang": "eng",
} "value": "SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41502"
}
]
}
}

140
2010/3xxx/CVE-2010-3798.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-3798", "ID": "CVE-2010-3798",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4435", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4435" "lang": "eng",
}, "value": "Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive."
{ }
"name" : "APPLE-SA-2010-11-10-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1024723", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024723" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1024723",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024723"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
}
]
}
}

290
2010/3xxx/CVE-2010-3834.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3834", "ID": "CVE-2010-3834",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to \"materializing a derived table that required a temporary table for grouping\" and \"user variable assignments.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.mysql.com/bug.php?id=55568", "description_data": [
"refsource" : "MISC", {
"url" : "http://bugs.mysql.com/bug.php?id=55568" "lang": "eng",
}, "value": "Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to \"materializing a derived table that required a temporary table for grouping\" and \"user variable assignments.\""
{ }
"name" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html", ]
"refsource" : "CONFIRM", },
"url" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html", ]
"refsource" : "CONFIRM", }
"url" : "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=640808", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=640808" "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html",
}, "refsource": "CONFIRM",
{ "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html"
"name" : "http://support.apple.com/kb/HT4723", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4723" "name": "mysql-derived-table-dos(64844)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64844"
"name" : "APPLE-SA-2011-06-23-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" "name": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html",
}, "refsource": "CONFIRM",
{ "url": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html"
"name" : "DSA-2143", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2143" "name": "USN-1397-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1397-1"
"name" : "MDVSA-2010:222", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222" "name": "http://support.apple.com/kb/HT4723",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4723"
"name" : "MDVSA-2010:223", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:223" "name": "42875",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42875"
"name" : "TLSA-2011-3", },
"refsource" : "TURBO", {
"url" : "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=640808",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=640808"
"name" : "USN-1017-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1017-1" "name": "USN-1017-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1017-1"
"name" : "USN-1397-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1397-1" "name": "APPLE-SA-2011-06-23-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
"name" : "43676", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/43676" "name": "TLSA-2011-3",
}, "refsource": "TURBO",
{ "url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt"
"name" : "42875", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42875" "name": "ADV-2011-0105",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0105"
"name" : "ADV-2011-0105", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0105" "name": "MDVSA-2010:222",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222"
"name" : "ADV-2011-0345", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0345" "name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html",
}, "refsource": "CONFIRM",
{ "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html"
"name" : "mysql-derived-table-dos(64844)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64844" "name": "DSA-2143",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2011/dsa-2143"
} },
} {
"name": "43676",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43676"
},
{
"name": "ADV-2011-0345",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0345"
},
{
"name": "http://bugs.mysql.com/bug.php?id=55568",
"refsource": "MISC",
"url": "http://bugs.mysql.com/bug.php?id=55568"
},
{
"name": "MDVSA-2010:223",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:223"
}
]
}
}

300
2010/4xxx/CVE-2010-4243.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-4243", "ID": "CVE-2010-4243",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an \"OOM dodging issue,\" a related issue to CVE-2010-3858."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" "lang": "eng",
}, "value": "fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an \"OOM dodging issue,\" a related issue to CVE-2010-3858."
{ }
"name" : "15619", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/15619" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[linux-kernel] 20100827 [PATCH] exec argument expansion can inappropriately trigger OOM-killer", "description": [
"refsource" : "MLIST", {
"url" : "http://lkml.org/lkml/2010/8/27/429" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer", ]
"refsource" : "MLIST", }
"url" : "http://lkml.org/lkml/2010/8/29/206" ]
}, },
{ "references": {
"name" : "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://lkml.org/lkml/2010/8/30/138" "name": "[oss-security] 20101122 CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2010/11/22/6"
"name" : "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer", },
"refsource" : "MLIST", {
"url" : "http://lkml.org/lkml/2010/8/30/378" "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
"name" : "[linux-kernel] 20101130 [PATCH 1/2] exec: make argv/envp memory visible to oom-killer", },
"refsource" : "MLIST", {
"url" : "http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html" "name": "RHSA-2011:0017",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
"name" : "[oss-security] 20101122 CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads", },
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2010/11/22/6" "name": "46397",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/46397"
"name" : "[oss-security] 20101122 Re: CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads", },
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2010/11/22/15" "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"
"name" : "http://grsecurity.net/~spender/64bit_dos.c", },
"refsource" : "MISC", {
"url" : "http://grsecurity.net/~spender/64bit_dos.c" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=625688",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625688"
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3c77f845722158206a7209c45ccddc264d19319c", },
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3c77f845722158206a7209c45ccddc264d19319c" "name": "linux-kernel-execve-dos(64700)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64700"
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37", },
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37" "name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer",
}, "refsource": "MLIST",
{ "url": "http://lkml.org/lkml/2010/8/30/378"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=625688", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=625688" "name": "15619",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/15619"
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" "name": "[linux-kernel] 20101130 [PATCH 1/2] exec: make argv/envp memory visible to oom-killer",
}, "refsource": "MLIST",
{ "url": "http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html"
"name" : "RHSA-2011:0017", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0017.html" "name": "[oss-security] 20101122 Re: CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2010/11/22/15"
"name" : "45004", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45004" "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
"name" : "42884", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42884" "name": "42884",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42884"
"name" : "46397", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46397" "name": "[linux-kernel] 20100827 [PATCH] exec argument expansion can inappropriately trigger OOM-killer",
}, "refsource": "MLIST",
{ "url": "http://lkml.org/lkml/2010/8/27/429"
"name" : "linux-kernel-execve-dos(64700)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64700" "name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer",
} "refsource": "MLIST",
] "url": "http://lkml.org/lkml/2010/8/30/138"
} },
} {
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3c77f845722158206a7209c45ccddc264d19319c",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3c77f845722158206a7209c45ccddc264d19319c"
},
{
"name": "http://grsecurity.net/~spender/64bit_dos.c",
"refsource": "MISC",
"url": "http://grsecurity.net/~spender/64bit_dos.c"
},
{
"name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer",
"refsource": "MLIST",
"url": "http://lkml.org/lkml/2010/8/29/206"
},
{
"name": "45004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45004"
}
]
}
}

120
2010/4xxx/CVE-2010-4856.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4856", "ID": "CVE-2010-4856",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "15219", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/15219" "lang": "eng",
} "value": "SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15219",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15219"
}
]
}
}

140
2010/4xxx/CVE-2010-4884.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4884", "ID": "CVE-2010-4884",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14810", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/14810" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter."
{ }
"name" : "http://packetstormsecurity.org/1008-exploits/hinnendahlgb-rfi.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/1008-exploits/hinnendahlgb-rfi.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "8436", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8436" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1008-exploits/hinnendahlgb-rfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1008-exploits/hinnendahlgb-rfi.txt"
},
{
"name": "14810",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14810"
},
{
"name": "8436",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8436"
}
]
}
}

120
2010/4xxx/CVE-2010-4947.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4947", "ID": "CVE-2010-4947",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "15128", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/15128" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15128",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15128"
}
]
}
}

160
2011/1xxx/CVE-2011-1571.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1571", "ID": "CVE-2011-1571",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110329 CVE requests : Liferay 6.0.6", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/03/29/1" "lang": "eng",
}, "value": "Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors."
{ }
"name" : "[oss-security] 20110408 Re: CVE requests : Liferay 6.0.6", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2011/04/08/5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20110411 Re: CVE requests : Liferay 6.0.6", "description": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/04/11/9" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://issues.liferay.com/browse/LPS-14726", ]
"refsource" : "CONFIRM", }
"url" : "http://issues.liferay.com/browse/LPS-14726" ]
}, },
{ "references": {
"name" : "http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952" "name": "http://issues.liferay.com/browse/LPS-14726",
} "refsource": "CONFIRM",
] "url": "http://issues.liferay.com/browse/LPS-14726"
} },
} {
"name": "[oss-security] 20110408 Re: CVE requests : Liferay 6.0.6",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/08/5"
},
{
"name": "[oss-security] 20110411 Re: CVE requests : Liferay 6.0.6",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/11/9"
},
{
"name": "[oss-security] 20110329 CVE requests : Liferay 6.0.6",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/29/1"
},
{
"name": "http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952",
"refsource": "CONFIRM",
"url": "http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952"
}
]
}
}

300
2014/3xxx/CVE-2014-3487.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3487", "ID": "CVE-2014-3487",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[file] 20140612 file-5.19 is now available", "description_data": [
"refsource" : "MLIST", {
"url" : "http://mx.gw.com/pipermail/file/2014/001553.html" "lang": "eng",
}, "value": "The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file."
{ }
"name" : "http://www.php.net/ChangeLog-5.php", ]
"refsource" : "CONFIRM", },
"url" : "http://www.php.net/ChangeLog-5.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.php.net/bug.php?id=67413", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.php.net/bug.php?id=67413" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d" ]
}, },
{ "references": {
"name" : "http://support.apple.com/kb/HT6443", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT6443" "name": "https://support.apple.com/HT204659",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT204659"
"name" : "https://support.apple.com/HT204659", },
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT204659" "name": "RHSA-2014:1766",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" "name": "DSA-3021",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-3021"
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" "name": "HPSBUX03102",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
"name" : "APPLE-SA-2015-04-08-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"name" : "DSA-2974", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-2974" "name": "DSA-2974",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-2974"
"name" : "DSA-3021", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3021" "name": "59794",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/59794"
"name" : "HPSBUX03102", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" "name": "http://www.php.net/ChangeLog-5.php",
}, "refsource": "CONFIRM",
{ "url": "http://www.php.net/ChangeLog-5.php"
"name" : "SSRT101681", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" "name": "[file] 20140612 file-5.19 is now available",
}, "refsource": "MLIST",
{ "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
"name" : "RHSA-2014:1765", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html" "name": "APPLE-SA-2015-04-08-2",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
"name" : "RHSA-2014:1766", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1766.html" "name": "http://support.apple.com/kb/HT6443",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT6443"
"name" : "openSUSE-SU-2014:1236", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" "name": "https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d"
"name" : "68120", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68120" "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
"name" : "59794", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59794" "name": "RHSA-2014:1765",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
"name" : "59831", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59831" "name": "SSRT101681",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
} },
} {
"name": "https://bugs.php.net/bug.php?id=67413",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=67413"
},
{
"name": "59831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59831"
},
{
"name": "68120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68120"
},
{
"name": "openSUSE-SU-2014:1236",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"
}
]
}
}

34
2014/3xxx/CVE-2014-3766.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3766", "ID": "CVE-2014-3766",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2014/3xxx/CVE-2014-3881.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2014-3881", "ID": "CVE-2014-3881",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to hijack the authentication of arbitrary users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://jvn.jp/en/jp/JVN80006084/995199/index.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://jvn.jp/en/jp/JVN80006084/995199/index.html" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to hijack the authentication of arbitrary users."
{ }
"name" : "JVN#36259412", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN36259412/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2014-000064", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000064" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN80006084/995199/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN80006084/995199/index.html"
},
{
"name": "JVN#36259412",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN36259412/index.html"
},
{
"name": "JVNDB-2014-000064",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000064"
}
]
}
}

34
2014/7xxx/CVE-2014-7166.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-7166", "ID": "CVE-2014-7166",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2014/7xxx/CVE-2014-7595.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7595", "ID": "CVE-2014-7595",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The devada.co.uk (aka com.wdevadacouk) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The devada.co.uk (aka com.wdevadacouk) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#717489", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/717489" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#717489",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/717489"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

190
2014/7xxx/CVE-2014-7906.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2014-7906", "ID": "CVE-2014-7906",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetime."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetime."
{ }
"name" : "https://chromium.googlesource.com/chromium/src/+/3a2cf7d1376ae33054b878232fb38b8fbed29e31", ]
"refsource" : "CONFIRM", },
"url" : "https://chromium.googlesource.com/chromium/src/+/3a2cf7d1376ae33054b878232fb38b8fbed29e31" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://code.google.com/p/chromium/issues/detail?id=423030", "description": [
"refsource" : "CONFIRM", {
"url" : "https://code.google.com/p/chromium/issues/detail?id=423030" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2014:1894", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1894.html" ]
}, },
{ "references": {
"name" : "71159", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71159" "name": "1031241",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1031241"
"name" : "1031241", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031241" "name": "https://code.google.com/p/chromium/issues/detail?id=423030",
}, "refsource": "CONFIRM",
{ "url": "https://code.google.com/p/chromium/issues/detail?id=423030"
"name" : "60194", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60194" "name": "RHSA-2014:1894",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-1894.html"
"name" : "google-chrome-cve20147906-code-exec(98794)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98794" "name": "60194",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/60194"
} },
} {
"name": "https://chromium.googlesource.com/chromium/src/+/3a2cf7d1376ae33054b878232fb38b8fbed29e31",
"refsource": "CONFIRM",
"url": "https://chromium.googlesource.com/chromium/src/+/3a2cf7d1376ae33054b878232fb38b8fbed29e31"
},
{
"name": "google-chrome-cve20147906-code-exec(98794)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98794"
},
{
"name": "71159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71159"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html"
}
]
}
}

34
2014/8xxx/CVE-2014-8342.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8342", "ID": "CVE-2014-8342",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2014/8xxx/CVE-2014-8515.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8515", "ID": "CVE-2014-8515",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-418/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-418/" "lang": "eng",
} "value": "The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-418/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-418/"
}
]
}
}

34
2014/8xxx/CVE-2014-8818.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-8818", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-8818",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

130
2014/9xxx/CVE-2014-9153.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9153", "ID": "CVE-2014-9153",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.drupal.org/node/2344389", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.drupal.org/node/2344389" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response."
{ }
"name" : "https://www.drupal.org/node/2344423", ]
"refsource" : "CONFIRM", },
"url" : "https://www.drupal.org/node/2344423" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2344423",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2344423"
},
{
"name": "https://www.drupal.org/node/2344389",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2344389"
}
]
}
}

140
2014/9xxx/CVE-2014-9879.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2014-9879", "ID": "CVE-2014-9879",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-08-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-08-01.html" "lang": "eng",
}, "value": "The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490."
{ }
"name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ecc8116e1befb3a764109f47ba0389434ddabbe4", ]
"refsource" : "CONFIRM", },
"url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ecc8116e1befb3a764109f47ba0389434ddabbe4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "92219", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92219" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "92219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92219"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ecc8116e1befb3a764109f47ba0389434ddabbe4",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ecc8116e1befb3a764109f47ba0389434ddabbe4"
}
]
}
}

130
2014/9xxx/CVE-2014-9952.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2014-9952", "ID": "CVE-2014-9952",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "All Qualcomm products", "product_name": "All Qualcomm products",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Capture-Replay Vulnerability in Secure File System"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-05-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-05-01" "lang": "eng",
}, "value": "In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist."
{ }
"name" : "98253", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98253" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Capture-Replay Vulnerability in Secure File System"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98253"
},
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
}
]
}
}

120
2016/2xxx/CVE-2016-2245.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2016-2245", "ID": "CVE-2016-2245",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBGN03438", "description_data": [
"refsource" : "HP", {
"url" : "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05031674" "lang": "eng",
} "value": "HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBGN03438",
"refsource": "HP",
"url": "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05031674"
}
]
}
}

34
2016/2xxx/CVE-2016-2595.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2595", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2595",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

140
2016/2xxx/CVE-2016-2861.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-2861", "ID": "CVE-2016-2861",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983036", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983036" "lang": "eng",
}, "value": "IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."
{ }
"name" : "PI60897", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "PI60898", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "PI60897",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983036",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983036"
},
{
"name": "PI60898",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898"
}
]
}
}

130
2016/6xxx/CVE-2016-6266.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6266", "ID": "CVE-2016-6266",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/", "description_data": [
"refsource" : "MISC", {
"url" : "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/" "lang": "eng",
}, "value": "ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action."
{ }
"name" : "https://success.trendmicro.com/solution/1114913", ]
"refsource" : "CONFIRM", },
"url" : "https://success.trendmicro.com/solution/1114913" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/",
"refsource": "MISC",
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"name": "https://success.trendmicro.com/solution/1114913",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1114913"
}
]
}
}

130
2016/6xxx/CVE-2016-6312.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-6312", "ID": "CVE-2016-6312",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1364122", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1364122" "lang": "eng",
}, "value": "The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955."
{ }
"name" : "92320", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/92320" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1364122",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1364122"
},
{
"name": "92320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92320"
}
]
}
}

140
2016/6xxx/CVE-2016-6953.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2016-6953", "ID": "CVE-2016-6953",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993."
{ }
"name" : "93491", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93491" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036986", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036986" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "93491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93491"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
}
]
}
}

130
2016/7xxx/CVE-2016-7110.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7110", "ID": "CVE-2016-7110",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via \"special characters,\" a different vulnerability than CVE-2016-7109."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en" "lang": "eng",
}, "value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via \"special characters,\" a different vulnerability than CVE-2016-7109."
{ }
"name" : "92617", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/92617" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92617",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92617"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en"
}
]
}
}

180
2016/7xxx/CVE-2016-7592.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2016-7592", "ID": "CVE-2016-7592",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207421", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207421" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site."
{ }
"name" : "https://support.apple.com/HT207422", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207422" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207424", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207424" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT207427", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT207427" ]
}, },
{ "references": {
"name" : "GLSA-201706-15", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201706-15" "name": "https://support.apple.com/HT207427",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207427"
"name" : "94909", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94909" "name": "https://support.apple.com/HT207421",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207421"
"name" : "1037459", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037459" "name": "1037459",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1037459"
} },
} {
"name": "https://support.apple.com/HT207422",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207422"
},
{
"name": "GLSA-201706-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-15"
},
{
"name": "https://support.apple.com/HT207424",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207424"
},
{
"name": "94909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94909"
}
]
}
}

130
2017/5xxx/CVE-2017-5237.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@rapid7.com", "ASSIGNER": "cve@rapid7.com",
"ID" : "CVE-2017-5237", "ID": "CVE-2017-5237",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "EV-07S GPS Tracker", "product_name": "EV-07S GPS Tracker",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All" "version_value": "All"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Eview" "vendor_name": "Eview"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, \"RESET!\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unauthenticated remote factory reset"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities", "description_data": [
"refsource" : "MISC", {
"url" : "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities" "lang": "eng",
}, "value": "Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, \"RESET!\""
{ }
"name" : "97186", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97186" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Unauthenticated remote factory reset"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97186"
}
]
}
}