admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:17:28 +00:00
parent 3af2e9d0ea
commit 21a3fc2870
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 3722 additions and 3722 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
2006/0xxx/CVE-2006-0524.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0524", "ID": "CVE-2006-0524",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060130 ashnews Cross-Site Scripting Vulnerability", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0955.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
{ }
"name" : "20060130 Re: ashnews Cross-Site Scripting Vulnerability", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0969.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20060131 Re: ashnews Cross-Site Scripting Vulnerability", "description": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0979.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16426", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/16426" ]
}, },
{ "references": {
"name" : "22934", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22934" "name": "ashnews-ashnews-xss(24365)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24365"
"name" : "9331", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/9331" "name": "9331",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/9331"
"name" : "ashnews-ashnews-xss(24365)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24365" "name": "22934",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/22934"
} },
{
"name": "20060131 Re: ashnews Cross-Site Scripting Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0979.html"
},
{
"name": "20060130 Re: ashnews Cross-Site Scripting Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0969.html"
},
{
"name": "20060130 ashnews Cross-Site Scripting Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0955.html"
},
{
"name": "16426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16426"
}
]
}
} }

168
2006/0xxx/CVE-2006-0571.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0571", "ID": "CVE-2006-0571",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060212 [eVuln] phpstatus Authentication Bypass", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/424842/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface."
{ }
"name" : "http://evuln.com/vulns/61/summary.html", ]
"refsource" : "MISC", },
"url" : "http://evuln.com/vulns/61/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16587", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16587" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0450", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0450" ]
}, },
{ "references": {
"name" : "18791", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18791" "name": "http://evuln.com/vulns/61/summary.html",
}, "refsource": "MISC",
{ "url": "http://evuln.com/vulns/61/summary.html"
"name" : "427", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/427" "name": "18791",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/18791"
} },
{
"name": "16587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16587"
},
{
"name": "427",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/427"
},
{
"name": "20060212 [eVuln] phpstatus Authentication Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424842/100/0/threaded"
},
{
"name": "ADV-2006-0450",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0450"
}
]
}
} }

118
2006/0xxx/CVE-2006-0982.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0982", "ID": "CVE-2006-0982",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circumstances, might not activate when malicious content is accessed from the web browser, and might not prevent the content from being saved, which allows remote attackers to bypass virus protection, as demonstrated using the EICAR test file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060228 Virex on-access scanning unreliable", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/426348/100/0/threaded" "lang": "eng",
} "value": "The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circumstances, might not activate when malicious content is accessed from the web browser, and might not prevent the content from being saved, which allows remote attackers to bypass virus protection, as demonstrated using the EICAR test file."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060228 Virex on-access scanning unreliable",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426348/100/0/threaded"
}
]
}
} }

148
2006/1xxx/CVE-2006-1680.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1680", "ID": "CVE-2006-1680",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060407 Multiple vulnerability in jupiter CMS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/430391/100/0/threaded" "lang": "eng",
}, "value": "Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php."
{ }
"name" : "ADV-2006-1302", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/1302" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19582", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19582" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "jupitercm-online-path-disclosure(25703)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25703" ]
} },
] "references": {
} "reference_data": [
{
"name": "20060407 Multiple vulnerability in jupiter CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430391/100/0/threaded"
},
{
"name": "jupitercm-online-path-disclosure(25703)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25703"
},
{
"name": "ADV-2006-1302",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1302"
},
{
"name": "19582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19582"
}
]
}
} }

138
2006/1xxx/CVE-2006-1764.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1764", "ID": "CVE-2006-1764",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ADV-2006-1268", "description_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1268" "lang": "eng",
}, "value": "Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
{ }
"name" : "24447", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/24447" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19569", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19569" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1268"
},
{
"name": "19569",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19569"
},
{
"name": "24447",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24447"
}
]
}
} }

138
2006/1xxx/CVE-2006-1851.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1851", "ID": "CVE-2006-1851",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "xFlow 5.46.11 and earlier allows remote attackers to determine the installation path of the application via the (1) action parameter to members_only/index.cgi and (2) page parameter customer_area/index.cgi, probably due to invalid values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2006/04/xflow-v5x-multiple-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2006/04/xflow-v5x-multiple-vuln.html" "lang": "eng",
}, "value": "xFlow 5.46.11 and earlier allows remote attackers to determine the installation path of the application via the (1) action parameter to members_only/index.cgi and (2) page parameter customer_area/index.cgi, probably due to invalid values."
{ }
"name" : "17614", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/17614" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "xflow-index-path-disclosure(25855)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25855" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "17614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17614"
},
{
"name": "http://pridels0.blogspot.com/2006/04/xflow-v5x-multiple-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/xflow-v5x-multiple-vuln.html"
},
{
"name": "xflow-index-path-disclosure(25855)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25855"
}
]
}
} }

348
2006/1xxx/CVE-2006-1935.json
View File

@ -1,177 +1,177 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-1935", "ID": "CVE-2006-1935",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00023.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00023.html" "lang": "eng",
}, "value": "Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector."
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm", ]
"refsource" : "CONFIRM", },
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1049", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1049" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2006-456", ]
"refsource" : "FEDORA", }
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00194.html" ]
}, },
{ "references": {
"name" : "FEDORA-2006-461", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00195.html" "name": "19828",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19828"
"name" : "GLSA-200604-17", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-17.xml" "name": "19839",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19839"
"name" : "MDKSA-2006:077", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:077" "name": "20210",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20210"
"name" : "RHSA-2006:0420", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0420.html" "name": "FEDORA-2006-456",
}, "refsource": "FEDORA",
{ "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00194.html"
"name" : "20060501-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" "name": "MDKSA-2006:077",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:077"
"name" : "SUSE-SR:2006:010", },
"refsource" : "SUSE", {
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html" "name": "http://www.ethereal.com/appnotes/enpa-sa-00023.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.ethereal.com/appnotes/enpa-sa-00023.html"
"name" : "17682", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17682" "name": "19769",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19769"
"name" : "oval:org.mitre.oval:def:10811", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10811" "name": "19962",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19962"
"name" : "ADV-2006-1501", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1501" "name": "FEDORA-2006-461",
}, "refsource": "FEDORA",
{ "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00195.html"
"name" : "1015985", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015985" "name": "1015985",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015985"
"name" : "19769", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19769" "name": "oval:org.mitre.oval:def:10811",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10811"
"name" : "19805", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19805" "name": "GLSA-200604-17",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-17.xml"
"name" : "19828", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19828" "name": "ADV-2006-1501",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1501"
"name" : "19839", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19839" "name": "DSA-1049",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1049"
"name" : "19958", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19958" "name": "19805",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19805"
"name" : "19962", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19962" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm"
"name" : "20117", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20117" "name": "20060501-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
"name" : "20944", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20944" "name": "SUSE-SR:2006:010",
}, "refsource": "SUSE",
{ "url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
"name" : "20210", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20210" "name": "20117",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20117"
"name" : "ethereal-cops-dissector-bo(26013)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26013" "name": "17682",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/17682"
} },
{
"name": "20944",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20944"
},
{
"name": "RHSA-2006:0420",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0420.html"
},
{
"name": "19958",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19958"
},
{
"name": "ethereal-cops-dissector-bo(26013)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26013"
}
]
}
} }

168
2006/5xxx/CVE-2006-5646.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5646", "ID": "CVE-2006-5646",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remote attackers to trigger a denial of service (memory corruption) via a CHM file with an LZX decompression header that specifies a Window_size of 0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061208 Sophos Antivirus CHM File Heap Overflow Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=452" "lang": "eng",
}, "value": "Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remote attackers to trigger a denial of service (memory corruption) via a CHM file with an LZX decompression header that specifies a Window_size of 0."
{ }
"name" : "http://www.sophos.com/support/knowledgebase/article/7609.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.sophos.com/support/knowledgebase/article/7609.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20816", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20816" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-4239", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/4239" ]
}, },
{ "references": {
"name" : "1017132", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017132" "name": "http://www.sophos.com/support/knowledgebase/article/7609.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.sophos.com/support/knowledgebase/article/7609.html"
"name" : "22591", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22591" "name": "1017132",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1017132"
} },
{
"name": "ADV-2006-4239",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4239"
},
{
"name": "20061208 Sophos Antivirus CHM File Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=452"
},
{
"name": "20816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20816"
},
{
"name": "22591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22591"
}
]
}
} }

158
2006/5xxx/CVE-2006-5725.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5725", "ID": "CVE-2006-5725",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and non-existing directories."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2637", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2637" "lang": "eng",
}, "value": "The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and non-existing directories."
{ }
"name" : "https://prdelka.blackart.org.uk/exploitz/prdelka-vs-AEP-smartgate.c", ]
"refsource" : "MISC", },
"url" : "https://prdelka.blackart.org.uk/exploitz/prdelka-vs-AEP-smartgate.c" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4224", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4224" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22550", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/22550" ]
}, },
{ "references": {
"name" : "smartgate-header-information-disclosure(29802)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29802" "name": "22550",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/22550"
} },
{
"name": "ADV-2006-4224",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4224"
},
{
"name": "2637",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2637"
},
{
"name": "https://prdelka.blackart.org.uk/exploitz/prdelka-vs-AEP-smartgate.c",
"refsource": "MISC",
"url": "https://prdelka.blackart.org.uk/exploitz/prdelka-vs-AEP-smartgate.c"
},
{
"name": "smartgate-header-information-disclosure(29802)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29802"
}
]
}
} }

158
2006/5xxx/CVE-2006-5828.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5828", "ID": "CVE-2006-5828",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2720", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2720" "lang": "eng",
}, "value": "SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter."
{ }
"name" : "20935", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20935" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4403", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4403" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22704", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/22704" ]
}, },
{ "references": {
"name" : "phpclassifieds-detail-sql-injection(30023)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30023" "name": "phpclassifieds-detail-sql-injection(30023)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30023"
} },
{
"name": "20935",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20935"
},
{
"name": "2720",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2720"
},
{
"name": "ADV-2006-4403",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4403"
},
{
"name": "22704",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22704"
}
]
}
} }

32
2010/0xxx/CVE-2010-0200.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2010-0200", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2010-0200",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1241. Reason: This candidate is a duplicate of CVE-2010-1241. Notes: All CVE users should reference CVE-2010-1241 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1241. Reason: This candidate is a duplicate of CVE-2010-1241. Notes: All CVE users should reference CVE-2010-1241 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

258
2010/0xxx/CVE-2010-0397.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0397", "ID": "CVE-2010-0397",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100312 CVE-2010-0397: NULL pointer dereference in PHP's xmlrpc extension", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/03/12/5" "lang": "eng",
}, "value": "The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573573", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573573" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT4312", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4312" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT4435", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT4435" ]
}, },
{ "references": {
"name" : "APPLE-SA-2010-08-24-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573573",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573573"
"name" : "APPLE-SA-2010-11-10-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" "name": "http://support.apple.com/kb/HT4435",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4435"
"name" : "MDVSA-2010:068", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:068" "name": "[oss-security] 20100312 CVE-2010-0397: NULL pointer dereference in PHP's xmlrpc extension",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/03/12/5"
"name" : "RHSA-2010:0919", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0919.html" "name": "APPLE-SA-2010-11-10-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
"name" : "SUSE-SR:2010:012", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" "name": "SUSE-SR:2010:013",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
"name" : "SUSE-SR:2010:013", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" "name": "38708",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/38708"
"name" : "SUSE-SR:2010:017", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" "name": "RHSA-2010:0919",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0919.html"
"name" : "38708", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/38708" "name": "APPLE-SA-2010-08-24-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html"
"name" : "42410", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42410" "name": "http://support.apple.com/kb/HT4312",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4312"
"name" : "ADV-2010-0724", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0724" "name": "SUSE-SR:2010:012",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
"name" : "ADV-2010-3081", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3081" "name": "42410",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/42410"
} },
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "ADV-2010-0724",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0724"
},
{
"name": "MDVSA-2010:068",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:068"
},
{
"name": "ADV-2010-3081",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3081"
}
]
}
} }

368
2010/0xxx/CVE-2010-0420.json
View File

@ -1,187 +1,187 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-0420", "ID": "CVE-2010-0420",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://developer.pidgin.im/wiki/ChangeLog", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://developer.pidgin.im/wiki/ChangeLog" "lang": "eng",
}, "value": "libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname."
{ }
"name" : "http://pidgin.im/news/security/?id=44", ]
"refsource" : "CONFIRM", },
"url" : "http://pidgin.im/news/security/?id=44" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=565786", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=565786" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2038", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2010/dsa-2038" ]
}, },
{ "references": {
"name" : "FEDORA-2010-1279", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html" "name": "FEDORA-2010-1279",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html"
"name" : "FEDORA-2010-1383", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html" "name": "38294",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/38294"
"name" : "FEDORA-2010-1934", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=565786",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565786"
"name" : "MDVSA-2010:041", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:041" "name": "RHSA-2010:0115",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2010-0115.html"
"name" : "MDVSA-2010:085", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" "name": "ADV-2010-0413",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0413"
"name" : "RHSA-2010:0115", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0115.html" "name": "38563",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38563"
"name" : "SUSE-SR:2010:006", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" "name": "MDVSA-2010:085",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085"
"name" : "USN-902-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-902-1" "name": "USN-902-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-902-1"
"name" : "38294", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/38294" "name": "38640",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38640"
"name" : "62439", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/62439" "name": "ADV-2010-0914",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0914"
"name" : "oval:org.mitre.oval:def:11485", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11485" "name": "38658",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38658"
"name" : "oval:org.mitre.oval:def:18230", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18230" "name": "oval:org.mitre.oval:def:18230",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18230"
"name" : "38563", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38563" "name": "FEDORA-2010-1934",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html"
"name" : "38640", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38640" "name": "ADV-2010-1020",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1020"
"name" : "38658", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38658" "name": "SUSE-SR:2010:006",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
"name" : "38712", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38712" "name": "FEDORA-2010-1383",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html"
"name" : "38915", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38915" "name": "62439",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/62439"
"name" : "39509", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39509" "name": "DSA-2038",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2010/dsa-2038"
"name" : "ADV-2010-0413", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0413" "name": "38712",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38712"
"name" : "ADV-2010-1020", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1020" "name": "pidgin-xmpp-nickname-dos(56399)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56399"
"name" : "ADV-2010-0914", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0914" "name": "http://pidgin.im/news/security/?id=44",
}, "refsource": "CONFIRM",
{ "url": "http://pidgin.im/news/security/?id=44"
"name" : "pidgin-xmpp-nickname-dos(56399)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56399" "name": "39509",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/39509"
} },
{
"name": "oval:org.mitre.oval:def:11485",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11485"
},
{
"name": "MDVSA-2010:041",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:041"
},
{
"name": "38915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38915"
},
{
"name": "http://developer.pidgin.im/wiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/wiki/ChangeLog"
}
]
}
} }

178
2010/0xxx/CVE-2010-0679.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0679", "ID": "CVE-2010-0679",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/1002-advisories/chemviewx-overflow.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/1002-advisories/chemviewx-overflow.txt" "lang": "eng",
}, "value": "Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods."
{ }
"name" : "http://packetstormsecurity.org/1002-exploits/hyleoschemview-heap.rb.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/1002-exploits/hyleoschemview-heap.rb.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11422", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/11422" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdf", ]
"refsource" : "MISC", }
"url" : "http://www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdf" ]
}, },
{ "references": {
"name" : "38225", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/38225" "name": "http://packetstormsecurity.org/1002-exploits/hyleoschemview-heap.rb.txt",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.org/1002-exploits/hyleoschemview-heap.rb.txt"
"name" : "62276", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/62276" "name": "38523",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38523"
"name" : "38523", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38523" "name": "http://www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdf",
} "refsource": "MISC",
] "url": "http://www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdf"
} },
{
"name": "38225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38225"
},
{
"name": "62276",
"refsource": "OSVDB",
"url": "http://osvdb.org/62276"
},
{
"name": "http://packetstormsecurity.org/1002-advisories/chemviewx-overflow.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1002-advisories/chemviewx-overflow.txt"
},
{
"name": "11422",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11422"
}
]
}
} }

148
2010/0xxx/CVE-2010-0937.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0937", "ID": "CVE-2010-0937",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Visualization Library before 2009.08.812 have unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://visualizationlibrary.com/documentation/pagchangelog.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://visualizationlibrary.com/documentation/pagchangelog.html" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in Visualization Library before 2009.08.812 have unknown impact and attack vectors."
{ }
"name" : "37644", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/37644" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2010-0050", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0050" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "visualizationlibrary-multiple-unspecified(55478)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55478" ]
} },
] "references": {
} "reference_data": [
{
"name": "37644",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37644"
},
{
"name": "ADV-2010-0050",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0050"
},
{
"name": "visualizationlibrary-multiple-unspecified(55478)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55478"
},
{
"name": "http://visualizationlibrary.com/documentation/pagchangelog.html",
"refsource": "CONFIRM",
"url": "http://visualizationlibrary.com/documentation/pagchangelog.html"
}
]
}
} }

158
2010/1xxx/CVE-2010-1476.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1476", "ID": "CVE-2010-1476",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/1004-exploits/joomlaalphauserpoints-lfi.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/1004-exploits/joomlaalphauserpoints-lfi.txt" "lang": "eng",
}, "value": "Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php."
{ }
"name" : "12150", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/12150" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.alphaplug.com/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.alphaplug.com/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "39393", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/39393" ]
}, },
{ "references": {
"name" : "39250", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39250" "name": "12150",
} "refsource": "EXPLOIT-DB",
] "url": "http://www.exploit-db.com/exploits/12150"
} },
{
"name": "http://www.alphaplug.com/",
"refsource": "CONFIRM",
"url": "http://www.alphaplug.com/"
},
{
"name": "39250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39250"
},
{
"name": "39393",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39393"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlaalphauserpoints-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlaalphauserpoints-lfi.txt"
}
]
}
} }

138
2010/3xxx/CVE-2010-3161.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2010-3161", "ID": "CVE-2010-3161",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in TeraPad before 1.00 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www5f.biglobe.ne.jp/~t-susumu/dl/tpad/History.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www5f.biglobe.ne.jp/~t-susumu/dl/tpad/History.txt" "lang": "eng",
}, "value": "Untrusted search path vulnerability in TeraPad before 1.00 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
{ }
"name" : "JVN#48097065", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN48097065/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2010-000045", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000045.html" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#48097065",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN48097065/index.html"
},
{
"name": "http://www5f.biglobe.ne.jp/~t-susumu/dl/tpad/History.txt",
"refsource": "CONFIRM",
"url": "http://www5f.biglobe.ne.jp/~t-susumu/dl/tpad/History.txt"
},
{
"name": "JVNDB-2010-000045",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000045.html"
}
]
}
} }

178
2010/3xxx/CVE-2010-3928.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2010-3928", "ID": "CVE-2010-3928",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ruby Version Manager (RVM) before 1.2.1 writes file contents to a terminal without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via a crafted file, related to an \"escape sequence injection vulnerability.\" NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#30414126", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN30414126/index.html" "lang": "eng",
}, "value": "Ruby Version Manager (RVM) before 1.2.1 writes file contents to a terminal without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via a crafted file, related to an \"escape sequence injection vulnerability.\" NOTE: some of these details are obtained from third party information."
{ }
"name" : "JVNDB-2011-000005", ]
"refsource" : "JVNDB", },
"url" : "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000005.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "45841", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45841" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "70521", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/70521" ]
}, },
{ "references": {
"name" : "42952", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42952" "name": "JVNDB-2011-000005",
}, "refsource": "JVNDB",
{ "url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000005.html"
"name" : "ADV-2011-0174", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0174" "name": "45841",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/45841"
"name" : "ruby-manager-escape-command-execution(64746)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64746" "name": "42952",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/42952"
} },
{
"name": "JVN#30414126",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN30414126/index.html"
},
{
"name": "ruby-manager-escape-command-execution(64746)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64746"
},
{
"name": "70521",
"refsource": "OSVDB",
"url": "http://osvdb.org/70521"
},
{
"name": "ADV-2011-0174",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0174"
}
]
}
} }

138
2010/4xxx/CVE-2010-4509.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4509", "ID": "CVE-2010-4509",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 and 5.x before 5.04 have unknown impact and attack vectors related to the (1) mt:AssetProperty and (2) mt:EntryFlag tags."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 and 5.x before 5.04 have unknown impact and attack vectors related to the (1) mt:AssetProperty and (2) mt:EntryFlag tags."
{ }
"name" : "45383", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/45383" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "movable-type-multiple-unspec(64130)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64130" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "movable-type-multiple-unspec(64130)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64130"
},
{
"name": "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html",
"refsource": "CONFIRM",
"url": "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html"
},
{
"name": "45383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45383"
}
]
}
} }

32
2010/4xxx/CVE-2010-4561.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4561", "ID": "CVE-2010-4561",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

158
2010/4xxx/CVE-2010-4852.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4852", "ID": "CVE-2010-4852",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b allows remote attackers to inject arbitrary web script or HTML via the reason parameter in a fail action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "15644", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/15644" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b allows remote attackers to inject arbitrary web script or HTML via the reason parameter in a fail action."
{ }
"name" : "http://packetstormsecurity.org/files/view/96228/eclime112b-sql.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/files/view/96228/eclime112b-sql.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.htbridge.ch/advisory/xss_in_eclime.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.htbridge.ch/advisory/xss_in_eclime.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "45124", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/45124" ]
}, },
{ "references": {
"name" : "8399", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8399" "name": "8399",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/8399"
} },
{
"name": "45124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45124"
},
{
"name": "http://www.htbridge.ch/advisory/xss_in_eclime.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_in_eclime.html"
},
{
"name": "15644",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15644"
},
{
"name": "http://packetstormsecurity.org/files/view/96228/eclime112b-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96228/eclime112b-sql.txt"
}
]
}
} }

158
2014/0xxx/CVE-2014-0110.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-0110", "ID": "CVE-2014-0110",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cxf.apache.org/security-advisories.data/CVE-2014-0110.txt.asc?version=1&modificationDate=1398873378628&api=v2", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://cxf.apache.org/security-advisories.data/CVE-2014-0110.txt.asc?version=1&modificationDate=1398873378628&api=v2" "lang": "eng",
}, "value": "Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message."
{ }
"name" : "RHSA-2014:1351", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1351.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2015:0850", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0850.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2015:0851", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0851.html" ]
}, },
{ "references": {
"name" : "1030202", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030202" "name": "http://cxf.apache.org/security-advisories.data/CVE-2014-0110.txt.asc?version=1&modificationDate=1398873378628&api=v2",
} "refsource": "CONFIRM",
] "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-0110.txt.asc?version=1&modificationDate=1398873378628&api=v2"
} },
{
"name": "RHSA-2015:0850",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
},
{
"name": "RHSA-2015:0851",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
},
{
"name": "1030202",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030202"
},
{
"name": "RHSA-2014:1351",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"
}
]
}
} }

118
2014/0xxx/CVE-2014-0770.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2014-0770", "ID": "CVE-2014-0770",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long UserName parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03", "description_data": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" "lang": "eng",
} "value": "Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long UserName parameter."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"
}
]
}
} }

128
2014/10xxx/CVE-2014-10012.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-10012", "ID": "CVE-2014-10012",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/129035/Another-WordPress-Classifieds-Cross-Site-Scripting-SQL-Injection.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/129035/Another-WordPress-Classifieds-Cross-Site-Scripting-SQL-Injection.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI."
{ }
"name" : "wp-anotherwpclassifieds-url-xss(98588)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98588" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129035/Another-WordPress-Classifieds-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129035/Another-WordPress-Classifieds-Cross-Site-Scripting-SQL-Injection.html"
},
{
"name": "wp-anotherwpclassifieds-url-xss(98588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98588"
}
]
}
} }

118
2014/3xxx/CVE-2014-3991.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3991", "ID": "CVE-2014-3991",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) dol_optimize_smallscreen, (15) dol_no_mouse_hover, (16) dol_hide_topmenu, or (17) dol_hide_leftmenu parameter to user/logout.php; the (18) email, (19) firstname, (20) job, (21) lastname, or (22) login parameter in an update action in a \"User Card\" to user/fiche.php; or the (23) modulepart or (24) file parameter to viewimage.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/127389/Dolibarr-CMS-3.5.3-SQL-Injection-Cross-Site-Scripting.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/127389/Dolibarr-CMS-3.5.3-SQL-Injection-Cross-Site-Scripting.html" "lang": "eng",
} "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) dol_optimize_smallscreen, (15) dol_no_mouse_hover, (16) dol_hide_topmenu, or (17) dol_hide_leftmenu parameter to user/logout.php; the (18) email, (19) firstname, (20) job, (21) lastname, or (22) login parameter in an update action in a \"User Card\" to user/fiche.php; or the (23) modulepart or (24) file parameter to viewimage.php."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127389/Dolibarr-CMS-3.5.3-SQL-Injection-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127389/Dolibarr-CMS-3.5.3-SQL-Injection-Cross-Site-Scripting.html"
}
]
}
} }

158
2014/4xxx/CVE-2014-4399.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2014-4399", "ID": "CVE-2014-4399",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://code.google.com/p/google-security-research/issues/detail?id=30", "description_data": [
"refsource" : "MISC", {
"url" : "https://code.google.com/p/google-security-research/issues/detail?id=30" "lang": "eng",
}, "value": "An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416."
{ }
"name" : "http://support.apple.com/kb/HT6443", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT6443" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "69895", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/69895" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1030868", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1030868" ]
}, },
{ "references": {
"name" : "macosx-cve20144399-code-exec(96059)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96059" "name": "69895",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/69895"
} },
{
"name": "https://code.google.com/p/google-security-research/issues/detail?id=30",
"refsource": "MISC",
"url": "https://code.google.com/p/google-security-research/issues/detail?id=30"
},
{
"name": "1030868",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030868"
},
{
"name": "http://support.apple.com/kb/HT6443",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6443"
},
{
"name": "macosx-cve20144399-code-exec(96059)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96059"
}
]
}
} }

198
2014/4xxx/CVE-2014-4466.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2014-4466", "ID": "CVE-2014-4466",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT6596", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT6596" "lang": "eng",
}, "value": "WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1."
{ }
"name" : "http://support.apple.com/HT204245", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/HT204245" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/HT204246", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/HT204246" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/kb/HT204949", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/kb/HT204949" ]
}, },
{ "references": {
"name" : "APPLE-SA-2014-12-2-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html" "name": "http://support.apple.com/HT204245",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/HT204245"
"name" : "APPLE-SA-2015-01-27-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" "name": "http://support.apple.com/HT204246",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/HT204246"
"name" : "APPLE-SA-2015-01-27-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" "name": "APPLE-SA-2015-06-30-6",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html"
"name" : "APPLE-SA-2015-06-30-6", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" "name": "APPLE-SA-2015-01-27-2",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
"name" : "71445", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71445" "name": "https://support.apple.com/kb/HT204949",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/kb/HT204949"
} },
{
"name": "71445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71445"
},
{
"name": "APPLE-SA-2015-01-27-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT6596",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6596"
},
{
"name": "APPLE-SA-2014-12-2-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html"
}
]
}
} }

178
2014/4xxx/CVE-2014-4491.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2014-4491", "ID": "CVE-2014-4491",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/HT204244", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/HT204244" "lang": "eng",
}, "value": "The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app."
{ }
"name" : "http://support.apple.com/HT204245", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/HT204245" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/HT204246", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/HT204246" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2015-01-27-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2015-01-27-2", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" "name": "http://support.apple.com/HT204245",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/HT204245"
"name" : "APPLE-SA-2015-01-27-4", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" "name": "http://support.apple.com/HT204246",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/HT204246"
"name" : "1031650", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031650" "name": "1031650",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1031650"
} },
{
"name": "APPLE-SA-2015-01-27-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
} }

158
2014/4xxx/CVE-2014-4769.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-4769", "ID": "CVE-2014-4769",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685464", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685464" "lang": "eng",
}, "value": "IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
{ }
"name" : "JR49897", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49897" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JR50553", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50553" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "70872", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/70872" ]
}, },
{ "references": {
"name" : "ibm-websphere-cve20144769-info-disc(94836)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94836" "name": "JR50553",
} "refsource": "AIXAPAR",
] "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50553"
} },
{
"name": "JR49897",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49897"
},
{
"name": "ibm-websphere-cve20144769-info-disc(94836)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94836"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685464",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685464"
},
{
"name": "70872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70872"
}
]
}
} }

138
2014/4xxx/CVE-2014-4806.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-4806", "ID": "CVE-2014-4806",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682642", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682642" "lang": "eng",
}, "value": "The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file."
{ }
"name" : "69435", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/69435" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ibm-appscan-cve20144806-cleartext(95354)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95354" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "69435",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69435"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682642",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682642"
},
{
"name": "ibm-appscan-cve20144806-cleartext(95354)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95354"
}
]
}
} }

118
2014/4xxx/CVE-2014-4849.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4849", "ID": "CVE-2014-4849",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeCMS allow remote attackers to inject arbitrary web script or HTML via the (1) e or (2) r parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/127358/FoeCMS-XSS-SQL-Injection-Open-Redirect.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/127358/FoeCMS-XSS-SQL-Injection-Open-Redirect.html" "lang": "eng",
} "value": "Multiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeCMS allow remote attackers to inject arbitrary web script or HTML via the (1) e or (2) r parameter."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127358/FoeCMS-XSS-SQL-Injection-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127358/FoeCMS-XSS-SQL-Injection-Open-Redirect.html"
}
]
}
} }

168
2014/8xxx/CVE-2014-8319.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8319", "ID": "CVE-2014-8319",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the easy_social_admin_summary function in the Easy Social module 7.x-2.x before 7.x-2.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a block title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://drupal.org/node/2194809", "description_data": [
"refsource" : "MISC", {
"url" : "https://drupal.org/node/2194809" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the easy_social_admin_summary function in the Easy Social module 7.x-2.x before 7.x-2.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a block title."
{ }
"name" : "https://www.drupal.org/node/2194401", ]
"refsource" : "CONFIRM", },
"url" : "https://www.drupal.org/node/2194401" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "65527", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/65527" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "103264", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/103264" ]
}, },
{ "references": {
"name" : "56857", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56857" "name": "56857",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56857"
"name" : "easy-social-drupal-xss(91157)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91157" "name": "https://drupal.org/node/2194809",
} "refsource": "MISC",
] "url": "https://drupal.org/node/2194809"
} },
{
"name": "https://www.drupal.org/node/2194401",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2194401"
},
{
"name": "easy-social-drupal-xss(91157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91157"
},
{
"name": "103264",
"refsource": "OSVDB",
"url": "http://osvdb.org/103264"
},
{
"name": "65527",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65527"
}
]
}
} }

32
2014/8xxx/CVE-2014-8347.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8347", "ID": "CVE-2014-8347",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2014/8xxx/CVE-2014-8535.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8535", "ID": "CVE-2014-8535",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to bypass intended restriction on unspecified functionality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10044", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10044" "lang": "eng",
} "value": "McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to bypass intended restriction on unspecified functionality via unknown vectors."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10044",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10044"
}
]
}
} }

32
2014/8xxx/CVE-2014-8906.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8906", "ID": "CVE-2014-8906",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2014/9xxx/CVE-2014-9291.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-9291", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-9291",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

158
2014/9xxx/CVE-2014-9526.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9526", "ID": "CVE-2014-9526",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141209 Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534189/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php."
{ }
"name" : "20141209 Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Dec/38" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://morxploit.com/morxploits/morxconxss.txt", "description": [
"refsource" : "MISC", {
"url" : "http://morxploit.com/morxploits/morxconxss.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/129446/Concrete5-CMS-5.7.2-5.7.2.1-Cross-Site-Scripting.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/129446/Concrete5-CMS-5.7.2-5.7.2.1-Cross-Site-Scripting.html" ]
}, },
{ "references": {
"name" : "concrete5-multiple-xss(99264)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99264" "name": "concrete5-multiple-xss(99264)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99264"
} },
{
"name": "20141209 Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534189/100/0/threaded"
},
{
"name": "http://morxploit.com/morxploits/morxconxss.txt",
"refsource": "MISC",
"url": "http://morxploit.com/morxploits/morxconxss.txt"
},
{
"name": "http://packetstormsecurity.com/files/129446/Concrete5-CMS-5.7.2-5.7.2.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129446/Concrete5-CMS-5.7.2-5.7.2.1-Cross-Site-Scripting.html"
},
{
"name": "20141209 Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/38"
}
]
}
} }

32
2014/9xxx/CVE-2014-9999.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-9999", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-9999",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references."
} }
] ]
} }
} }

138
2016/2xxx/CVE-2016-2950.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-2950", "ID": "CVE-2016-2950",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991886", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991886" "lang": "eng",
}, "value": "SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
{ }
"name" : "IV89784", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89784" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94607", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94607" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991886",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991886"
},
{
"name": "IV89784",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89784"
},
{
"name": "94607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94607"
}
]
}
} }

158
2016/3xxx/CVE-2016-3067.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-3067", "ID": "CVE-2016-3067",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[cygwin-announce] 20160218 TEST RELEASE: Cygwin 2.5.0-0.4", "description_data": [
"refsource" : "MLIST", {
"url" : "https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html" "lang": "eng",
}, "value": "Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges."
{ }
"name" : "[cygwin-announce] 20160411 Cygwin 2.5.0-1", ]
"refsource" : "MLIST", },
"url" : "https://cygwin.com/ml/cygwin-announce/2016-04/msg00020.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[cygwin-announce] 20160419 CVE-2016-3067: network privilege escalation in Cygwin set(e)ui", "description": [
"refsource" : "MLIST", {
"url" : "https://cygwin.com/ml/cygwin-announce/2016-04/msg00054.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[cygwin] 20160208 Possible Security Hole in SSHD w/ CYGWIN?", ]
"refsource" : "MLIST", }
"url" : "https://cygwin.com/ml/cygwin/2016-02/msg00129.html" ]
}, },
{ "references": {
"name" : "https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=205862ed08649df8f50b926a2c58c963f571b044", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=205862ed08649df8f50b926a2c58c963f571b044" "name": "[cygwin-announce] 20160411 Cygwin 2.5.0-1",
} "refsource": "MLIST",
] "url": "https://cygwin.com/ml/cygwin-announce/2016-04/msg00020.html"
} },
{
"name": "[cygwin-announce] 20160419 CVE-2016-3067: network privilege escalation in Cygwin set(e)ui",
"refsource": "MLIST",
"url": "https://cygwin.com/ml/cygwin-announce/2016-04/msg00054.html"
},
{
"name": "[cygwin] 20160208 Possible Security Hole in SSHD w/ CYGWIN?",
"refsource": "MLIST",
"url": "https://cygwin.com/ml/cygwin/2016-02/msg00129.html"
},
{
"name": "[cygwin-announce] 20160218 TEST RELEASE: Cygwin 2.5.0-0.4",
"refsource": "MLIST",
"url": "https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html"
},
{
"name": "https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=205862ed08649df8f50b926a2c58c963f571b044",
"refsource": "CONFIRM",
"url": "https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=205862ed08649df8f50b926a2c58c963f571b044"
}
]
}
} }

158
2016/3xxx/CVE-2016-3095.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-3095", "ID": "CVE-2016-3095",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160406 Pulp 2.8.2 release for CVE-2016-3095", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/04/06/3" "lang": "eng",
}, "value": "server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key."
{ }
"name" : "[oss-security] 20160418 CVE-2013-7450: Pulp < 2.3.0 distributed the same CA key to all users", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/04/18/11" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1322706", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1322706" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca" ]
}, },
{ "references": {
"name" : "FEDORA-2016-f75bd73891", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182006.html" "name": "https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca",
} "refsource": "CONFIRM",
] "url": "https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca"
} },
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1322706",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322706"
},
{
"name": "[oss-security] 20160406 Pulp 2.8.2 release for CVE-2016-3095",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/06/3"
},
{
"name": "FEDORA-2016-f75bd73891",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182006.html"
},
{
"name": "[oss-security] 20160418 CVE-2013-7450: Pulp < 2.3.0 distributed the same CA key to all users",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/11"
}
]
}
} }

128
2016/3xxx/CVE-2016-3441.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2016-3441", "ID": "CVE-2016-3441",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem."
{ }
"name" : "1035629", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1035629" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035629",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035629"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
]
}
} }

138
2016/3xxx/CVE-2016-3664.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-3664", "ID": "CVE-2016-3664",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/137020/Trend-Micro-Mobile-Security-Man-In-The-Middle.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/137020/Trend-Micro-Mobile-Security-Man-In-The-Middle.html" "lang": "eng",
}, "value": "Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate."
{ }
"name" : "http://www.info-sec.ca/advisories/Trend-Micro-Mobile-Security.html", ]
"refsource" : "MISC", },
"url" : "http://www.info-sec.ca/advisories/Trend-Micro-Mobile-Security.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1114151.aspx", "description": [
"refsource" : "CONFIRM", {
"url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1114151.aspx" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/137020/Trend-Micro-Mobile-Security-Man-In-The-Middle.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137020/Trend-Micro-Mobile-Security-Man-In-The-Middle.html"
},
{
"name": "http://www.info-sec.ca/advisories/Trend-Micro-Mobile-Security.html",
"refsource": "MISC",
"url": "http://www.info-sec.ca/advisories/Trend-Micro-Mobile-Security.html"
},
{
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1114151.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1114151.aspx"
}
]
}
} }

138
2016/3xxx/CVE-2016-3910.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-3910", "ID": "CVE-2016-3910",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30148546."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-10-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-10-01.html" "lang": "eng",
}, "value": "services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30148546."
{ }
"name" : "https://android.googlesource.com/platform/frameworks/av/+/035cb12f392860113dce96116a5150e2fde6f0cc", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/frameworks/av/+/035cb12f392860113dce96116a5150e2fde6f0cc" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "93296", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93296" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "93296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93296"
},
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/035cb12f392860113dce96116a5150e2fde6f0cc",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/035cb12f392860113dce96116a5150e2fde6f0cc"
}
]
}
} }

138
2016/3xxx/CVE-2016-3978.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-3978", "ID": "CVE-2016-3978",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the \"redirect\" parameter to \"login.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160320 FortiOS (Fortinet) - Open Redirect and Cross Site Scripting", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2016/Mar/68" "lang": "eng",
}, "value": "The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the \"redirect\" parameter to \"login.\""
{ }
"name" : "http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability", ]
"refsource" : "CONFIRM", },
"url" : "http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1035332", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035332" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20160320 FortiOS (Fortinet) - Open Redirect and Cross Site Scripting",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Mar/68"
},
{
"name": "1035332",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035332"
},
{
"name": "http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability"
}
]
}
} }

128
2016/6xxx/CVE-2016-6753.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-6753", "ID": "CVE-2016-6753",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kernel-3.18" "version_value": "Kernel-3.18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30149174."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2016-11-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2016-11-01.html" "lang": "eng",
}, "value": "An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30149174."
{ }
"name" : "94147", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94147" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "94147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94147"
}
]
}
} }

138
2016/6xxx/CVE-2016-6961.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2016-6961", "ID": "CVE-2016-6961",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993."
{ }
"name" : "93491", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93491" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036986", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036986" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "93491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93491"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
}
]
}
} }

32
2016/7xxx/CVE-2016-7396.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7396", "ID": "CVE-2016-7396",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2016/7xxx/CVE-2016-7500.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7500", "ID": "CVE-2016-7500",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2016/7xxx/CVE-2016-7650.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2016-7650", "ID": "CVE-2016-7650",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the \"Safari Reader\" component, which allows remote attackers to conduct UXSS attacks via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207421", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207421" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the \"Safari Reader\" component, which allows remote attackers to conduct UXSS attacks via a crafted web site."
{ }
"name" : "https://support.apple.com/HT207422", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207422" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94915", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94915" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1037459", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037459" ]
} },
] "references": {
} "reference_data": [
{
"name": "94915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94915"
},
{
"name": "https://support.apple.com/HT207421",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207421"
},
{
"name": "1037459",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037459"
},
{
"name": "https://support.apple.com/HT207422",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207422"
}
]
}
} }

158
2016/7xxx/CVE-2016-7966.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7966", "ID": "CVE-2016-7966",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161004 Re: KMail vulnerabilites: need 3 CVE", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/10/05/1" "lang": "eng",
}, "value": "Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content."
{ }
"name" : "DSA-3697", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2016/dsa-3697" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2016-92c112a380", "description": [
"refsource" : "FEDORA", {
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNMM5TVPTJQFPJ3YDF4DPXDFW3GQLWLY/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2016:2559", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-updates/2016-10/msg00065.html" ]
}, },
{ "references": {
"name" : "93360", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93360" "name": "93360",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/93360"
} },
{
"name": "[oss-security] 20161004 Re: KMail vulnerabilites: need 3 CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/1"
},
{
"name": "FEDORA-2016-92c112a380",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNMM5TVPTJQFPJ3YDF4DPXDFW3GQLWLY/"
},
{
"name": "openSUSE-SU-2016:2559",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00065.html"
},
{
"name": "DSA-3697",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3697"
}
]
}
} }

160
2016/8xxx/CVE-2016-8972.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-8972", "ID": "CVE-2016-8972",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "AIX", "product_name": "AIX",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.1" "version_value": "6.1"
}, },
{ {
"version_value" : "7.1" "version_value": "7.1"
}, },
{ {
"version_value" : "7.2" "version_value": "7.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM Corporation" "vendor_name": "IBM Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "40950", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/40950/" "lang": "eng",
}, "value": "IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011."
{ }
"name" : "http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory.asc", ]
"refsource" : "CONFIRM", },
"url" : "http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory.asc" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94979", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94979" "lang": "eng",
}, "value": "Gain Privileges"
{ }
"name" : "1037480", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037480" ]
} },
] "references": {
} "reference_data": [
{
"name": "1037480",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037480"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory.asc"
},
{
"name": "94979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94979"
},
{
"name": "40950",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40950/"
}
]
}
} }