admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:17:31 +00:00
parent 5fbcf22329
commit 141cb97700
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 4086 additions and 4086 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2006/0xxx/CVE-2006-0099.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1401",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1401"
},
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/cijfer-vscxpl.pl",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/cijfer-vscxpl.pl"
},
{
"name" : "16126",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16126"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16126"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/cijfer-vscxpl.pl",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/cijfer-vscxpl.pl"
},
{
"name": "1401",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1401"
}
]
}
}

200
2006/0xxx/CVE-2006-0368.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0368",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060118 Cisco Call Manager Denial of Service",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml"
},
{
"name" : "16295",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16295"
},
{
"name" : "ADV-2006-0249",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0249"
},
{
"name" : "22622",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22622"
},
{
"name" : "22623",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22623"
},
{
"name" : "1015503",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015503"
},
{
"name" : "18494",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18494"
},
{
"name" : "359",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/359"
},
{
"name" : "cisco-callmanager-port-connection-dos(24180)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24180"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015503",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015503"
},
{
"name": "ADV-2006-0249",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0249"
},
{
"name": "20060118 Cisco Call Manager Denial of Service",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml"
},
{
"name": "cisco-callmanager-port-connection-dos(24180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24180"
},
{
"name": "16295",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16295"
},
{
"name": "22623",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22623"
},
{
"name": "22622",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22622"
},
{
"name": "359",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/359"
},
{
"name": "18494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18494"
}
]
}
}

180
2006/0xxx/CVE-2006-0620.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0620",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users to execute arbitrary code via unspecified manipulations of the PHFONT and PHOTON2_PATH environment variables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060207 QNX Neutrino RTOS phfont Race Condition Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=383"
},
{
"name" : "16539",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16539"
},
{
"name" : "ADV-2006-0474",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0474"
},
{
"name" : "22963",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22963"
},
{
"name" : "1015599",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015599"
},
{
"name" : "18750",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18750"
},
{
"name" : "qnx-phfont-race-condition(24555)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24555"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users to execute arbitrary code via unspecified manipulations of the PHFONT and PHOTON2_PATH environment variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "qnx-phfont-race-condition(24555)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24555"
},
{
"name": "ADV-2006-0474",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0474"
},
{
"name": "18750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18750"
},
{
"name": "1015599",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015599"
},
{
"name": "20060207 QNX Neutrino RTOS phfont Race Condition Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=383"
},
{
"name": "16539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16539"
},
{
"name": "22963",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22963"
}
]
}
}

190
2006/1xxx/CVE-2006-1146.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1146",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code by sending a long message to the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060307 Multiple vulnerabilities in Alien Arena 2006 GE 5.00",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426984/100/0/threaded"
},
{
"name" : "20060307 Multiple vulnerabilities in Alien Arena 2006 GE 5.00",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/0147.html"
},
{
"name" : "http://aluigi.altervista.org/adv/aa2k6x-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/aa2k6x-adv.txt"
},
{
"name" : "17028",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17028"
},
{
"name" : "ADV-2006-0882",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0882"
},
{
"name" : "23748",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23748"
},
{
"name" : "19144",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19144"
},
{
"name" : "alien-cmd-sa-f-bo(25200)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25200"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code by sending a long message to the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060307 Multiple vulnerabilities in Alien Arena 2006 GE 5.00",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426984/100/0/threaded"
},
{
"name": "alien-cmd-sa-f-bo(25200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25200"
},
{
"name": "http://aluigi.altervista.org/adv/aa2k6x-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/aa2k6x-adv.txt"
},
{
"name": "ADV-2006-0882",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0882"
},
{
"name": "23748",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23748"
},
{
"name": "19144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19144"
},
{
"name": "20060307 Multiple vulnerabilities in Alien Arena 2006 GE 5.00",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/0147.html"
},
{
"name": "17028",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17028"
}
]
}
}

140
2006/1xxx/CVE-2006-1564.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1564",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359234",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359234"
},
{
"name" : "17288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17288"
},
{
"name" : "libapache2-svn-file-upload(25680)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25680"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17288"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359234",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359234"
},
{
"name": "libapache2-svn-file-upload(25680)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25680"
}
]
}
}

190
2006/1xxx/CVE-2006-1627.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1627",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060413 Secunia Research: Adobe Document Server for Reader ExtensionsMultiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430869/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2005-68/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2005-68/advisory/"
},
{
"name" : "http://www.adobe.com/support/techdocs/322699.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/techdocs/322699.html"
},
{
"name" : "17500",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17500"
},
{
"name" : "ADV-2006-1342",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1342"
},
{
"name" : "1015905",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015905"
},
{
"name" : "15924",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15924"
},
{
"name" : "adobe-access-control-bypass(25769)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25769"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060413 Secunia Research: Adobe Document Server for Reader ExtensionsMultiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430869/100/0/threaded"
},
{
"name": "adobe-access-control-bypass(25769)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25769"
},
{
"name": "http://www.adobe.com/support/techdocs/322699.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/techdocs/322699.html"
},
{
"name": "1015905",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015905"
},
{
"name": "15924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15924"
},
{
"name": "http://secunia.com/secunia_research/2005-68/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-68/advisory/"
},
{
"name": "ADV-2006-1342",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1342"
},
{
"name": "17500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17500"
}
]
}
}

120
2006/1xxx/CVE-2006-1686.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1686",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to access unspecified files via a modified warp parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to access unspecified files via a modified warp parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html"
}
]
}
}

150
2006/1xxx/CVE-2006-1692.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1692",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or the (2) user_name parameter to subscribe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that this was discovered during post-disclosure analysis."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-1270",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1270"
},
{
"name" : "24905",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24905"
},
{
"name" : "24445",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24445"
},
{
"name" : "19568",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19568"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or the (2) user_name parameter to subscribe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that this was discovered during post-disclosure analysis."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19568"
},
{
"name": "ADV-2006-1270",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1270"
},
{
"name": "24905",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24905"
},
{
"name": "24445",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24445"
}
]
}
}

150
2006/5xxx/CVE-2006-5175.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5175",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#93484133",
"refsource" : "JVN",
"url" : "http://jvn.jp/jp/JVN%2393484133/index.html"
},
{
"name" : "ADV-2006-3891",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3891"
},
{
"name" : "22248",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22248"
},
{
"name" : "terastation-admin-interface-csrf(29338)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29338"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22248",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22248"
},
{
"name": "terastation-admin-interface-csrf(29338)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29338"
},
{
"name": "JVN#93484133",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2393484133/index.html"
},
{
"name": "ADV-2006-3891",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3891"
}
]
}
}

150
2006/5xxx/CVE-2006-5380.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5380",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Remote file inclusion vulnerability in Contenido CMS allows remote attackers to execute arbitrary PHP code via a URL in the contenido_path parameter to (1) cms/dbfs.php or (2) cms/front_content.php. NOTE: CVE disputes this issue for version 4.6.15, because $contenido_path is set to a static value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061013 CMS contenido Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448549/100/0/threaded"
},
{
"name" : "20061017 Contenido RFI - CVE dispute",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-October/001084.html"
},
{
"name" : "1739",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1739"
},
{
"name" : "contenido-contenido-file-include(29549)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29549"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Remote file inclusion vulnerability in Contenido CMS allows remote attackers to execute arbitrary PHP code via a URL in the contenido_path parameter to (1) cms/dbfs.php or (2) cms/front_content.php. NOTE: CVE disputes this issue for version 4.6.15, because $contenido_path is set to a static value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061013 CMS contenido Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448549/100/0/threaded"
},
{
"name": "20061017 Contenido RFI - CVE dispute",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-October/001084.html"
},
{
"name": "contenido-contenido-file-include(29549)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29549"
},
{
"name": "1739",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1739"
}
]
}
}

160
2006/5xxx/CVE-2006-5599.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5599",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061023 Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449500/100/0/threaded"
},
{
"name" : "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html",
"refsource" : "MISC",
"url" : "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_apex_css_wwv_flow_item_help.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_apex_css_wwv_flow_item_help.html"
},
{
"name" : "TA06-291A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
},
{
"name" : "1792",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1792"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1792",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1792"
},
{
"name": "20061023 Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449500/100/0/threaded"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_apex_css_wwv_flow_item_help.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_apex_css_wwv_flow_item_help.html"
},
{
"name": "TA06-291A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
},
{
"name": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html"
}
]
}
}

190
2006/5xxx/CVE-2006-5885.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5885",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Products.asp in NuStore 1.0 allows remote attackers to execute arbitrary SQL commands via the SubCatagoryID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061111 NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451334/100/0/threaded"
},
{
"name" : "2756",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2756"
},
{
"name" : "21019",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21019"
},
{
"name" : "ADV-2006-4472",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4472"
},
{
"name" : "1017216",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017216"
},
{
"name" : "22829",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22829"
},
{
"name" : "1856",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1856"
},
{
"name" : "nustore-products-sql-injection(30195)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30195"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Products.asp in NuStore 1.0 allows remote attackers to execute arbitrary SQL commands via the SubCatagoryID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4472",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4472"
},
{
"name": "nustore-products-sql-injection(30195)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30195"
},
{
"name": "20061111 NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451334/100/0/threaded"
},
{
"name": "1017216",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017216"
},
{
"name": "2756",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2756"
},
{
"name": "1856",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1856"
},
{
"name": "21019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21019"
},
{
"name": "22829",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22829"
}
]
}
}

210
2007/2xxx/CVE-2007-2540.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2540",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3852",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3852"
},
{
"name" : "23829",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23829"
},
{
"name" : "35777",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35777"
},
{
"name" : "35778",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35778"
},
{
"name" : "35779",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35779"
},
{
"name" : "35780",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35780"
},
{
"name" : "35781",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35781"
},
{
"name" : "ADV-2007-1670",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1670"
},
{
"name" : "25177",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25177"
},
{
"name" : "pmecms-configpathmod-file-include(34104)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34104"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3852",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3852"
},
{
"name": "pmecms-configpathmod-file-include(34104)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34104"
},
{
"name": "35779",
"refsource": "OSVDB",
"url": "http://osvdb.org/35779"
},
{
"name": "35778",
"refsource": "OSVDB",
"url": "http://osvdb.org/35778"
},
{
"name": "23829",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23829"
},
{
"name": "ADV-2007-1670",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1670"
},
{
"name": "35777",
"refsource": "OSVDB",
"url": "http://osvdb.org/35777"
},
{
"name": "35781",
"refsource": "OSVDB",
"url": "http://osvdb.org/35781"
},
{
"name": "25177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25177"
},
{
"name": "35780",
"refsource": "OSVDB",
"url": "http://osvdb.org/35780"
}
]
}
}

200
2010/0xxx/CVE-2010-0438.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0438",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://otrs.org/advisory/OSA-2010-01-en/",
"refsource" : "CONFIRM",
"url" : "http://otrs.org/advisory/OSA-2010-01-en/"
},
{
"name" : "http://otrs.org/releases/2.4.7/",
"refsource" : "CONFIRM",
"url" : "http://otrs.org/releases/2.4.7/"
},
{
"name" : "http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log",
"refsource" : "CONFIRM",
"url" : "http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log"
},
{
"name" : "http://www.otrs.org/news/2010/otrs_2-4-7/",
"refsource" : "CONFIRM",
"url" : "http://www.otrs.org/news/2010/otrs_2-4-7/"
},
{
"name" : "SUSE-SR:2010:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name" : "38146",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38146"
},
{
"name" : "62181",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/62181"
},
{
"name" : "38507",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38507"
},
{
"name" : "38544",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38544"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.otrs.org/news/2010/otrs_2-4-7/",
"refsource": "CONFIRM",
"url": "http://www.otrs.org/news/2010/otrs_2-4-7/"
},
{
"name": "38507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38507"
},
{
"name": "http://otrs.org/releases/2.4.7/",
"refsource": "CONFIRM",
"url": "http://otrs.org/releases/2.4.7/"
},
{
"name": "38146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38146"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log"
},
{
"name": "http://otrs.org/advisory/OSA-2010-01-en/",
"refsource": "CONFIRM",
"url": "http://otrs.org/advisory/OSA-2010-01-en/"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "62181",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62181"
},
{
"name": "38544",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38544"
}
]
}
}

170
2010/0xxx/CVE-2010-0520.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0520",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100402 ZDI-10-044: Apple QuickTime FLI LinePacket Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510520/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-044",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-044"
},
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name" : "APPLE-SA-2010-03-30-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
},
{
"name" : "oval:org.mitre.oval:def:6801",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6801"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-044",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-044"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "oval:org.mitre.oval:def:6801",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6801"
},
{
"name": "20100402 ZDI-10-044: Apple QuickTime FLI LinePacket Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510520/100/0/threaded"
},
{
"name": "APPLE-SA-2010-03-30-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
}
]
}
}

200
2010/0xxx/CVE-2010-0705.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0705",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100223 [TKADV2010-003] avast! 4.8 and 5.0 aavmker4.sys Kernel Memory Corruption",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/509710/100/0/threaded"
},
{
"name" : "http://www.trapkit.de/advisories/TKADV2010-003.txt",
"refsource" : "MISC",
"url" : "http://www.trapkit.de/advisories/TKADV2010-003.txt"
},
{
"name" : "http://forum.avast.com/index.php?topic=55484.0",
"refsource" : "CONFIRM",
"url" : "http://forum.avast.com/index.php?topic=55484.0"
},
{
"name" : "38363",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38363"
},
{
"name" : "62510",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62510"
},
{
"name" : "1023644",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023644"
},
{
"name" : "38677",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38677"
},
{
"name" : "38689",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38689"
},
{
"name" : "ADV-2010-0449",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0449"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38363"
},
{
"name": "62510",
"refsource": "OSVDB",
"url": "http://osvdb.org/62510"
},
{
"name": "38689",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38689"
},
{
"name": "ADV-2010-0449",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0449"
},
{
"name": "http://forum.avast.com/index.php?topic=55484.0",
"refsource": "CONFIRM",
"url": "http://forum.avast.com/index.php?topic=55484.0"
},
{
"name": "20100223 [TKADV2010-003] avast! 4.8 and 5.0 aavmker4.sys Kernel Memory Corruption",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509710/100/0/threaded"
},
{
"name": "1023644",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023644"
},
{
"name": "38677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38677"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2010-003.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2010-003.txt"
}
]
}
}

210
2010/0xxx/CVE-2010-0730.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "[oss-security] 20100507 CVE-2010-0730 xen: emulator instruction decoding inconsistency",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/05/07/1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=572971",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=572971"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100088287",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100088287"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "RHSA-2010:0398",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0398.html"
},
{
"name" : "39979",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39979"
},
{
"name" : "oval:org.mitre.oval:def:11430",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11430"
},
{
"name" : "39649",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39649"
},
{
"name" : "43315",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43315"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100507 CVE-2010-0730 xen: emulator instruction decoding inconsistency",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/05/07/1"
},
{
"name": "39979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39979"
},
{
"name": "oval:org.mitre.oval:def:11430",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11430"
},
{
"name": "39649",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39649"
},
{
"name": "43315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43315"
},
{
"name": "RHSA-2010:0398",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0398.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100088287",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100088287"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=572971",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=572971"
}
]
}
}

160
2010/0xxx/CVE-2010-0811.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0811",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that \"corrupt the system state,\" aka \"Microsoft Internet Explorer 8 Developer Tools Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-034",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-034"
},
{
"name" : "MS11-027",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-027"
},
{
"name" : "TA10-159B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name" : "oval:org.mitre.oval:def:7492",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7492"
},
{
"name" : "oval:org.mitre.oval:def:12534",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12534"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that \"corrupt the system state,\" aka \"Microsoft Internet Explorer 8 Developer Tools Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7492",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7492"
},
{
"name": "MS11-027",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-027"
},
{
"name": "oval:org.mitre.oval:def:12534",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12534"
},
{
"name": "MS10-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-034"
},
{
"name": "TA10-159B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
]
}
}

180
2010/0xxx/CVE-2010-0983.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in include/mail.inc.php in Rezervi 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, a different vector than CVE-2007-2156."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1001-exploits/rezervi-rfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1001-exploits/rezervi-rfi.txt"
},
{
"name" : "10967",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10967"
},
{
"name" : "37589",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37589"
},
{
"name" : "61450",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61450"
},
{
"name" : "38118",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38118"
},
{
"name" : "ADV-2010-0016",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0016"
},
{
"name" : "rezervi-mailinc-file-include(55341)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55341"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in include/mail.inc.php in Rezervi 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, a different vector than CVE-2007-2156."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "rezervi-mailinc-file-include(55341)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55341"
},
{
"name": "37589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37589"
},
{
"name": "10967",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10967"
},
{
"name": "http://packetstormsecurity.org/1001-exploits/rezervi-rfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1001-exploits/rezervi-rfi.txt"
},
{
"name": "ADV-2010-0016",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0016"
},
{
"name": "38118",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38118"
},
{
"name": "61450",
"refsource": "OSVDB",
"url": "http://osvdb.org/61450"
}
]
}
}

170
2010/1xxx/CVE-2010-1660.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1660",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in help-details.php in CLScript Classifieds Script allows remote attackers to execute arbitrary SQL commands via the hpId parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1004-exploits/clscriptclassfieds-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/clscriptclassfieds-sql.txt"
},
{
"name" : "12423",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12423"
},
{
"name" : "39737",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39737"
},
{
"name" : "39612",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39612"
},
{
"name" : "ADV-2010-1010",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1010"
},
{
"name" : "classifiedsscript-helpdetails-sql-injection(58181)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58181"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in help-details.php in CLScript Classifieds Script allows remote attackers to execute arbitrary SQL commands via the hpId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12423",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12423"
},
{
"name": "39737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39737"
},
{
"name": "ADV-2010-1010",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1010"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/clscriptclassfieds-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/clscriptclassfieds-sql.txt"
},
{
"name": "39612",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39612"
},
{
"name": "classifiedsscript-helpdetails-sql-injection(58181)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58181"
}
]
}
}

130
2010/1xxx/CVE-2010-1991.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1991",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100518 DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511327/100/0/threaded"
},
{
"name" : "http://websecurity.com.ua/4206/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/4206/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websecurity.com.ua/4206/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/4206/"
},
{
"name": "20100518 DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511327/100/0/threaded"
}
]
}
}

410
2010/3xxx/CVE-2010-3614.json
View File

@ -1,207 +1,207 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3614",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-3614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name" : "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"name" : "http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories",
"refsource" : "CONFIRM",
"url" : "http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories"
},
{
"name" : "http://www.isc.org/software/bind/advisories/cve-2010-3614",
"refsource" : "CONFIRM",
"url" : "http://www.isc.org/software/bind/advisories/cve-2010-3614"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100124923",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100124923"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0004.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
},
{
"name" : "http://support.apple.com/kb/HT5002",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5002"
},
{
"name" : "APPLE-SA-2011-10-12-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name" : "DSA-2130",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2130"
},
{
"name" : "FEDORA-2010-18521",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html"
},
{
"name" : "FEDORA-2010-18469",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html"
},
{
"name" : "MDVSA-2010:253",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:253"
},
{
"name" : "RHSA-2010:0976",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0976.html"
},
{
"name" : "RHSA-2010:0975",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0975.html"
},
{
"name" : "SSA:2010-350-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.622190"
},
{
"name" : "USN-1025-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1025-1"
},
{
"name" : "VU#837744",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/837744"
},
{
"name" : "45137",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45137"
},
{
"name" : "69559",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/69559"
},
{
"name" : "1024817",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024817"
},
{
"name" : "42435",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42435"
},
{
"name" : "42459",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42459"
},
{
"name" : "42522",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42522"
},
{
"name" : "42671",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42671"
},
{
"name" : "ADV-2010-3102",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3102"
},
{
"name" : "ADV-2010-3103",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3103"
},
{
"name" : "ADV-2010-3138",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3138"
},
{
"name" : "ADV-2010-3139",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3139"
},
{
"name" : "ADV-2010-3140",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3140"
},
{
"name" : "ADV-2011-0606",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0606"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-3139",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3139"
},
{
"name": "http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories",
"refsource": "CONFIRM",
"url": "http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories"
},
{
"name": "MDVSA-2010:253",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:253"
},
{
"name": "1024817",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024817"
},
{
"name": "42459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42459"
},
{
"name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"name": "69559",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69559"
},
{
"name": "ADV-2011-0606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"name": "45137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45137"
},
{
"name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name": "RHSA-2010:0975",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0975.html"
},
{
"name": "42522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42522"
},
{
"name": "ADV-2010-3103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3103"
},
{
"name": "RHSA-2010:0976",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0976.html"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "VU#837744",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/837744"
},
{
"name": "ADV-2010-3102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3102"
},
{
"name": "42435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42435"
},
{
"name": "http://www.isc.org/software/bind/advisories/cve-2010-3614",
"refsource": "CONFIRM",
"url": "http://www.isc.org/software/bind/advisories/cve-2010-3614"
},
{
"name": "USN-1025-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1025-1"
},
{
"name": "ADV-2010-3140",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3140"
},
{
"name": "ADV-2010-3138",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3138"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "42671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42671"
},
{
"name": "DSA-2130",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2130"
},
{
"name": "http://support.avaya.com/css/P8/documents/100124923",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100124923"
},
{
"name": "FEDORA-2010-18469",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html"
},
{
"name": "SSA:2010-350-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.622190"
},
{
"name": "FEDORA-2010-18521",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
}
]
}
}

280
2010/3xxx/CVE-2010-3856.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3856",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/515545/100/0/threaded"
},
{
"name" : "44025",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44025/"
},
{
"name" : "20101022 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2010/Oct/344"
},
{
"name" : "[libc-hacker] 20101022 [PATCH] Require suid bit on audit objects in privileged programs",
"refsource" : "MLIST",
"url" : "http://sourceware.org/ml/libc-hacker/2010-10/msg00010.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0001.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=645672",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=645672"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100121017",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100121017"
},
{
"name" : "DSA-2122",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2122"
},
{
"name" : "GLSA-201011-01",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201011-01.xml"
},
{
"name" : "MDVSA-2010:212",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:212"
},
{
"name" : "RHSA-2010:0793",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0793.html"
},
{
"name" : "RHSA-2010:0872",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0872.html"
},
{
"name" : "SUSE-SA:2010:052",
"refsource" : "SUSE",
"url" : "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html"
},
{
"name" : "USN-1009-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1009-1"
},
{
"name" : "44347",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44347"
},
{
"name" : "42787",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42787"
},
{
"name" : "ADV-2011-0025",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0025"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20101022 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Oct/344"
},
{
"name": "44347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44347"
},
{
"name": "GLSA-201011-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201011-01.xml"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100121017",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100121017"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=645672",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=645672"
},
{
"name": "RHSA-2010:0872",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0872.html"
},
{
"name": "SUSE-SA:2010:052",
"refsource": "SUSE",
"url": "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html"
},
{
"name": "44025",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44025/"
},
{
"name": "DSA-2122",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2122"
},
{
"name": "USN-1009-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1009-1"
},
{
"name": "[libc-hacker] 20101022 [PATCH] Require suid bit on audit objects in privileged programs",
"refsource": "MLIST",
"url": "http://sourceware.org/ml/libc-hacker/2010-10/msg00010.html"
},
{
"name": "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded"
},
{
"name": "MDVSA-2010:212",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:212"
},
{
"name": "42787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42787"
},
{
"name": "ADV-2011-0025",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0025"
},
{
"name": "RHSA-2010:0793",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0793.html"
}
]
}
}

250
2010/4xxx/CVE-2010-4535.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4535",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101223 CVE Request -- Django 1.2.4, Django 1.1.3 and Django 1.3 beta 1 -- addressing two security flaws",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/12/23/4"
},
{
"name" : "[oss-security] 20110103 Re: CVE Request -- Django 1.2.4, Django 1.1.3 and Django 1.3 beta 1 -- addressing two security flaws",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/01/03/5"
},
{
"name" : "http://code.djangoproject.com/changeset/15032",
"refsource" : "CONFIRM",
"url" : "http://code.djangoproject.com/changeset/15032"
},
{
"name" : "http://www.djangoproject.com/weblog/2010/dec/22/security/",
"refsource" : "CONFIRM",
"url" : "http://www.djangoproject.com/weblog/2010/dec/22/security/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=665373",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=665373"
},
{
"name" : "FEDORA-2011-0096",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html"
},
{
"name" : "FEDORA-2011-0120",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html"
},
{
"name" : "USN-1040-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1040-1"
},
{
"name" : "45563",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45563"
},
{
"name" : "42715",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42715"
},
{
"name" : "42827",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42827"
},
{
"name" : "42913",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42913"
},
{
"name" : "ADV-2011-0048",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0048"
},
{
"name" : "ADV-2011-0098",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0098"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.djangoproject.com/changeset/15032",
"refsource": "CONFIRM",
"url": "http://code.djangoproject.com/changeset/15032"
},
{
"name": "[oss-security] 20101223 CVE Request -- Django 1.2.4, Django 1.1.3 and Django 1.3 beta 1 -- addressing two security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/12/23/4"
},
{
"name": "USN-1040-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1040-1"
},
{
"name": "45563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45563"
},
{
"name": "[oss-security] 20110103 Re: CVE Request -- Django 1.2.4, Django 1.1.3 and Django 1.3 beta 1 -- addressing two security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/5"
},
{
"name": "42913",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42913"
},
{
"name": "ADV-2011-0048",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0048"
},
{
"name": "ADV-2011-0098",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0098"
},
{
"name": "http://www.djangoproject.com/weblog/2010/dec/22/security/",
"refsource": "CONFIRM",
"url": "http://www.djangoproject.com/weblog/2010/dec/22/security/"
},
{
"name": "FEDORA-2011-0096",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=665373",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=665373"
},
{
"name": "42715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42715"
},
{
"name": "FEDORA-2011-0120",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html"
},
{
"name": "42827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42827"
}
]
}
}

140
2010/4xxx/CVE-2010-4803.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4803",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952"
},
{
"name" : "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes",
"refsource" : "CONFIRM",
"url" : "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
},
{
"name" : "DSA-2239",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2239"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes",
"refsource": "CONFIRM",
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952"
},
{
"name": "DSA-2239",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2239"
}
]
}
}

220
2014/0xxx/CVE-2014-0243.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0243",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140528 LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "https://www.securityfocus.com/archive/1/532224/100/0/threaded"
},
{
"name" : "20140528 LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/May/145"
},
{
"name" : "[oss-security] 20140528 LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/28/1"
},
{
"name" : "http://packetstormsecurity.com/files/126857/Check_MK-Arbitrary-File-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/126857/Check_MK-Arbitrary-File-Disclosure.html"
},
{
"name" : "http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=0426323df1641596c4f01ef5a716a3b65276f01c",
"refsource" : "CONFIRM",
"url" : "http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=0426323df1641596c4f01ef5a716a3b65276f01c"
},
{
"name" : "http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a2ef8d00c53ec9cbd05c4ae2f09b50761130e7ce",
"refsource" : "CONFIRM",
"url" : "http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a2ef8d00c53ec9cbd05c4ae2f09b50761130e7ce"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101669",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101669"
},
{
"name" : "FEDORA-2014-6810",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134166.html"
},
{
"name" : "FEDORA-2014-6818",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134160.html"
},
{
"name" : "67674",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67674"
},
{
"name" : "58536",
"refsource" : "SECUNIA",
"url" : "https://secuniaresearch.flexerasoftware.com/advisories/58536"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "58536",
"refsource": "SECUNIA",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/58536"
},
{
"name": "[oss-security] 20140528 LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/28/1"
},
{
"name": "67674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67674"
},
{
"name": "FEDORA-2014-6810",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134166.html"
},
{
"name": "http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=0426323df1641596c4f01ef5a716a3b65276f01c",
"refsource": "CONFIRM",
"url": "http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=0426323df1641596c4f01ef5a716a3b65276f01c"
},
{
"name": "FEDORA-2014-6818",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134160.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1101669",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101669"
},
{
"name": "20140528 LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/145"
},
{
"name": "http://packetstormsecurity.com/files/126857/Check_MK-Arbitrary-File-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126857/Check_MK-Arbitrary-File-Disclosure.html"
},
{
"name": "20140528 LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "https://www.securityfocus.com/archive/1/532224/100/0/threaded"
},
{
"name": "http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a2ef8d00c53ec9cbd05c4ae2f09b50761130e7ce",
"refsource": "CONFIRM",
"url": "http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a2ef8d00c53ec9cbd05c4ae2f09b50761130e7ce"
}
]
}
}

122
2014/10xxx/CVE-2014-10066.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2014-10066",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "fancy-server node module",
"version" : {
"version_data" : [
{
"version_value" : "<0.1.4"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2014-10066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "fancy-server node module",
"version": {
"version_data": [
{
"version_value": "<0.1.4"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/9",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/9"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/9",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/9"
}
]
}
}

160
2014/3xxx/CVE-2014-3284.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34346",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34346"
},
{
"name" : "20140523 Cisco IOS XE Software PPPoE Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3284"
},
{
"name" : "67603",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67603"
},
{
"name" : "1030283",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030283"
},
{
"name" : "58405",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58405"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030283",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030283"
},
{
"name": "67603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67603"
},
{
"name": "58405",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58405"
},
{
"name": "20140523 Cisco IOS XE Software PPPoE Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3284"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34346",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34346"
}
]
}
}

170
2014/4xxx/CVE-2014-4362.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT6441",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6441"
},
{
"name" : "APPLE-SA-2014-09-17-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name" : "69882",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69882"
},
{
"name" : "69920",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69920"
},
{
"name" : "1030866",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030866"
},
{
"name" : "appleios-cve20144362-info-disc(96104)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96104"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT6441",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "69920",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69920"
},
{
"name": "1030866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030866"
},
{
"name": "69882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69882"
},
{
"name": "appleios-cve20144362-info-disc(96104)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96104"
},
{
"name": "APPLE-SA-2014-09-17-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
}
]
}
}

120
2014/4xxx/CVE-2014-4683.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4683",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
]
}
}

34
2014/4xxx/CVE-2014-4842.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4842",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4842",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/8xxx/CVE-2014-8025.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-8025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141222 Cisco Jabber Guest Server HTML5 Response Disclosure",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8025"
},
{
"name" : "20150106 Cisco Jabber Guest Server HTML5 Response Disclosure",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/viewAlert.x?alertId=36871"
},
{
"name" : "71768",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71768"
},
{
"name" : "1031422",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031422"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031422",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031422"
},
{
"name": "20150106 Cisco Jabber Guest Server HTML5 Response Disclosure",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=36871"
},
{
"name": "20141222 Cisco Jabber Guest Server HTML5 Response Disclosure",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8025"
},
{
"name": "71768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71768"
}
]
}
}

120
2014/8xxx/CVE-2014-8529.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8529",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10053",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10053"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053"
}
]
}
}

140
2014/9xxx/CVE-2014-9144.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9144",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141203 Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect / Command Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534143/100/0/threaded"
},
{
"name" : "35462",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35462"
},
{
"name" : "http://packetstormsecurity.com/files/129374/ADSL2-2.05.C29GV-XSS-URL-Redirect-Command-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129374/ADSL2-2.05.C29GV-XSS-URL-Redirect-Command-Injection.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141203 Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect / Command Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534143/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/129374/ADSL2-2.05.C29GV-XSS-URL-Redirect-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129374/ADSL2-2.05.C29GV-XSS-URL-Redirect-Command-Injection.html"
},
{
"name": "35462",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35462"
}
]
}
}

170
2014/9xxx/CVE-2014-9222.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9222",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the \"Misfortune Cookie\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141219 The Misfortune Cookie Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/87"
},
{
"name" : "http://mis.fortunecook.ie/",
"refsource" : "MISC",
"url" : "http://mis.fortunecook.ie/"
},
{
"name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
},
{
"name" : "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html",
"refsource" : "CONFIRM",
"url" : "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
},
{
"name" : "VU#561444",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/561444"
},
{
"name" : "105173",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105173"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the \"Misfortune Cookie\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mis.fortunecook.ie/",
"refsource": "MISC",
"url": "http://mis.fortunecook.ie/"
},
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
},
{
"name": "105173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105173"
},
{
"name": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html",
"refsource": "CONFIRM",
"url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
},
{
"name": "20141219 The Misfortune Cookie Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/87"
},
{
"name": "VU#561444",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/561444"
}
]
}
}

250
2014/9xxx/CVE-2014-9669.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9669",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/google-security-research/issues/detail?id=163",
"refsource" : "MISC",
"url" : "http://code.google.com/p/google-security-research/issues/detail?id=163"
},
{
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565"
},
{
"name" : "http://advisories.mageia.org/MGASA-2015-0083.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2015-0083.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "DSA-3188",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3188"
},
{
"name" : "FEDORA-2015-2216",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html"
},
{
"name" : "FEDORA-2015-2237",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html"
},
{
"name" : "GLSA-201503-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201503-05"
},
{
"name" : "MDVSA-2015:055",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055"
},
{
"name" : "RHSA-2015:0696",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0696.html"
},
{
"name" : "openSUSE-SU-2015:0627",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html"
},
{
"name" : "USN-2510-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2510-1"
},
{
"name" : "USN-2739-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2739-1"
},
{
"name" : "72986",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3188",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3188"
},
{
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565"
},
{
"name": "http://code.google.com/p/google-security-research/issues/detail?id=163",
"refsource": "MISC",
"url": "http://code.google.com/p/google-security-research/issues/detail?id=163"
},
{
"name": "GLSA-201503-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-05"
},
{
"name": "72986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72986"
},
{
"name": "USN-2739-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2739-1"
},
{
"name": "openSUSE-SU-2015:0627",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0083.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0083.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "RHSA-2015:0696",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0696.html"
},
{
"name": "FEDORA-2015-2216",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html"
},
{
"name": "MDVSA-2015:055",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055"
},
{
"name": "USN-2510-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2510-1"
},
{
"name": "FEDORA-2015-2237",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html"
}
]
}
}

130
2016/2xxx/CVE-2016-2081.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2081",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2016-0008.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2016-0008.html"
},
{
"name" : "1036078",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036078"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0008.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0008.html"
},
{
"name": "1036078",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036078"
}
]
}
}

154
2016/3xxx/CVE-2016-3048.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-10-27T00:00:00",
"ID" : "CVE-2016-3048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OpenPages GRC Platform",
"version" : {
"version_data" : [
{
"version_value" : "7.1"
},
{
"version_value" : "7.2"
},
{
"version_value" : "7.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-27T00:00:00",
"ID": "CVE-2016-3048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenPages GRC Platform",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "7.2"
},
{
"version_value": "7.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/114711",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/114711"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21997685",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21997685"
},
{
"name" : "101660",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101660"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101660"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/114711",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/114711"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21997685",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997685"
}
]
}
}

150
2016/3xxx/CVE-2016-3205.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3205",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3206 and CVE-2016-3207."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-063",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063"
},
{
"name" : "MS16-069",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-069"
},
{
"name" : "1036096",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036096"
},
{
"name" : "1036097",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036097"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3206 and CVE-2016-3207."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036097",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036097"
},
{
"name": "MS16-063",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063"
},
{
"name": "1036096",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036096"
},
{
"name": "MS16-069",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-069"
}
]
}
}

150
2016/3xxx/CVE-2016-3309.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3309",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42960",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42960/"
},
{
"name" : "MS16-098",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-098"
},
{
"name" : "92297",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92297"
},
{
"name" : "1036572",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036572"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-098",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-098"
},
{
"name": "42960",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42960/"
},
{
"name": "1036572",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036572"
},
{
"name": "92297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92297"
}
]
}
}

150
2016/3xxx/CVE-2016-3453.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3453",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "91947",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91947"
},
{
"name" : "1036407",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036407"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "91947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91947"
},
{
"name": "1036407",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036407"
}
]
}
}

220
2016/3xxx/CVE-2016-3712.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3712",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Qemu-devel] 20160509 [PULL 5/5] vga: make sure vga register setup for vbe stays intact (CVE-2016-3712).",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01196.html"
},
{
"name" : "[oss-security] 20160509 CVE-2016-3712 Qemu: vga: out-of-bounds read and integer overflow issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/09/4"
},
{
"name" : "http://xenbits.xen.org/xsa/advisory-179.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-179.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name" : "http://support.citrix.com/article/CTX212736",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX212736"
},
{
"name" : "DSA-3573",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3573"
},
{
"name" : "RHSA-2016:2585",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2585.html"
},
{
"name" : "RHSA-2017:0621",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0621.html"
},
{
"name" : "USN-2974-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name" : "90314",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90314"
},
{
"name" : "1035794",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035794"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-179.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-179.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2017:0621",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0621.html"
},
{
"name": "http://support.citrix.com/article/CTX212736",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX212736"
},
{
"name": "[Qemu-devel] 20160509 [PULL 5/5] vga: make sure vga register setup for vbe stays intact (CVE-2016-3712).",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01196.html"
},
{
"name": "[oss-security] 20160509 CVE-2016-3712 Qemu: vga: out-of-bounds read and integer overflow issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/4"
},
{
"name": "1035794",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035794"
},
{
"name": "USN-2974-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "RHSA-2016:2585",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2585.html"
},
{
"name": "DSA-3573",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3573"
},
{
"name": "90314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90314"
}
]
}
}

120
2016/3xxx/CVE-2016-3772.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3772",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008188 and MediaTek internal bug ALPS02703102."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008188 and MediaTek internal bug ALPS02703102."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}

142
2016/6xxx/CVE-2016-6714.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-6714",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-6.0"
},
{
"version_value" : "Android-6.0.1"
},
{
"version_value" : "Android-7.0"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31092462."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
},
{
"version_value": "Android-7.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "94137",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94137"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31092462."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94137"
},
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
}
]
}
}

160
2016/6xxx/CVE-2016-6921.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6921",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html"
},
{
"name" : "GLSA-201610-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201610-10"
},
{
"name" : "RHSA-2016:1865",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1865.html"
},
{
"name" : "92927",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92927"
},
{
"name" : "1036791",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036791"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201610-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-10"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html"
},
{
"name": "RHSA-2016:1865",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1865.html"
},
{
"name": "92927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92927"
},
{
"name": "1036791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036791"
}
]
}
}

180
2016/7xxx/CVE-2016-7201.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7201",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40990",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40990/"
},
{
"name" : "40784",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40784/"
},
{
"name" : "https://github.com/theori-io/chakra-2016-11",
"refsource" : "MISC",
"url" : "https://github.com/theori-io/chakra-2016-11"
},
{
"name" : "http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html"
},
{
"name" : "MS16-129",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129"
},
{
"name" : "94038",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94038"
},
{
"name" : "1037245",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037245"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-129",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129"
},
{
"name": "http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html"
},
{
"name": "https://github.com/theori-io/chakra-2016-11",
"refsource": "MISC",
"url": "https://github.com/theori-io/chakra-2016-11"
},
{
"name": "94038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94038"
},
{
"name": "40784",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40784/"
},
{
"name": "40990",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40990/"
},
{
"name": "1037245",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037245"
}
]
}
}

140
2016/7xxx/CVE-2016-7664.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7664",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"Accessibility\" component. which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging the availability of excessive options during lockscreen access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207422",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207422"
},
{
"name" : "94850",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94850"
},
{
"name" : "1037429",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037429"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"Accessibility\" component. which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging the availability of excessive options during lockscreen access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207422",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207422"
},
{
"name": "1037429",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037429"
},
{
"name": "94850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94850"
}
]
}
}

150
2016/7xxx/CVE-2016-7836.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2016-7836",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SKYSEA Client View",
"version" : {
"version_data" : [
{
"version_value" : "Ver.11.221.03 and earlier"
}
]
}
}
]
},
"vendor_name" : "Sky Co., LTD."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SKYSEA Client View",
"version": {
"version_data": [
{
"version_value": "Ver.11.221.03 and earlier"
}
]
}
}
]
},
"vendor_name": "Sky Co., LTD."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.skyseaclientview.net/news/161221/",
"refsource" : "CONFIRM",
"url" : "http://www.skyseaclientview.net/news/161221/"
},
{
"name" : "https://www.skygroup.jp/security-info/170308.html",
"refsource" : "CONFIRM",
"url" : "https://www.skygroup.jp/security-info/170308.html"
},
{
"name" : "JVN#84995847",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN84995847/index.html"
},
{
"name" : "95062",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95062"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.skyseaclientview.net/news/161221/",
"refsource": "CONFIRM",
"url": "http://www.skyseaclientview.net/news/161221/"
},
{
"name": "https://www.skygroup.jp/security-info/170308.html",
"refsource": "CONFIRM",
"url": "https://www.skygroup.jp/security-info/170308.html"
},
{
"name": "JVN#84995847",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN84995847/index.html"
},
{
"name": "95062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95062"
}
]
}
}