admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:14:20 +00:00
parent a0f68000cd
commit 28890c31a4
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4704 additions and 4704 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

240
2006/0xxx/CVE-2006-0457.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0457",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-0457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm"
},
{
"name" : "MDKSA-2006:059",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:059"
},
{
"name" : "RHSA-2006:0575",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0575.html"
},
{
"name" : "SUSE-SA:2006:028",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name" : "USN-263-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/263-1/"
},
{
"name" : "17084",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17084"
},
{
"name" : "23894",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23894"
},
{
"name" : "oval:org.mitre.oval:def:9566",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9566"
},
{
"name" : "19220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19220"
},
{
"name" : "21465",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21465"
},
{
"name" : "20398",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20398"
},
{
"name" : "22417",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22417"
},
{
"name" : "kernel-addkey-dos(25354)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25354"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19220"
},
{
"name": "17084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17084"
},
{
"name": "RHSA-2006:0575",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0575.html"
},
{
"name": "SUSE-SA:2006:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name": "21465",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21465"
},
{
"name": "oval:org.mitre.oval:def:9566",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9566"
},
{
"name": "kernel-addkey-dos(25354)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25354"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm"
},
{
"name": "20398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20398"
},
{
"name": "22417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22417"
},
{
"name": "23894",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23894"
},
{
"name": "MDKSA-2006:059",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:059"
},
{
"name": "USN-263-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/263-1/"
}
]
}
}

150
2006/0xxx/CVE-2006-0770.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in \"advanced details\". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-0635",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0635"
},
{
"name" : "23264",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23264"
},
{
"name" : "18866",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18866"
},
{
"name" : "mybb-advanceddetails-xss(24748)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24748"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in \"advanced details\". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18866",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18866"
},
{
"name": "mybb-advanceddetails-xss(24748)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24748"
},
{
"name": "ADV-2006-0635",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0635"
},
{
"name": "23264",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23264"
}
]
}
}

170
2006/0xxx/CVE-2006-0957.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0957",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060310 [eVuln] FreeForum PHP Code Execution & Multiple XSS Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427321/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/89/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/89/summary.html"
},
{
"name" : "http://soft.zoneo.net/freeForum/changes.php",
"refsource" : "CONFIRM",
"url" : "http://soft.zoneo.net/freeForum/changes.php"
},
{
"name" : "16871",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16871"
},
{
"name" : "ADV-2006-0759",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0759"
},
{
"name" : "19020",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19020"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060310 [eVuln] FreeForum PHP Code Execution & Multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427321/100/0/threaded"
},
{
"name": "ADV-2006-0759",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0759"
},
{
"name": "16871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16871"
},
{
"name": "http://evuln.com/vulns/89/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/89/summary.html"
},
{
"name": "http://soft.zoneo.net/freeForum/changes.php",
"refsource": "CONFIRM",
"url": "http://soft.zoneo.net/freeForum/changes.php"
},
{
"name": "19020",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19020"
}
]
}
}

180
2006/0xxx/CVE-2006-0997.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0997",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm"
},
{
"name" : "17176",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17176"
},
{
"name" : "ADV-2006-1043",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1043"
},
{
"name" : "24046",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24046"
},
{
"name" : "1015799",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015799"
},
{
"name" : "19324",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19324"
},
{
"name" : "netware-nile-ssl-cleartext(25380)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25380"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1043",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1043"
},
{
"name": "1015799",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015799"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm"
},
{
"name": "19324",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19324"
},
{
"name": "netware-nile-ssl-cleartext(25380)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25380"
},
{
"name": "17176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17176"
},
{
"name": "24046",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24046"
}
]
}
}

200
2006/1xxx/CVE-2006-1293.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1293",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060318 Contrexx CMS Xss Vuln",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/428075/100/0/threaded"
},
{
"name" : "http://soot.shabgard.org/Contrexx-CMS.txt",
"refsource" : "MISC",
"url" : "http://soot.shabgard.org/Contrexx-CMS.txt"
},
{
"name" : "http://www.contrexx.com/?section=media1&act=download&path=/media/archive1/Opensource/Bugfixes/contrexx_1.0.8/&file=contrexx_v1.0.8_bugfix_27-02-06.zip",
"refsource" : "MISC",
"url" : "http://www.contrexx.com/?section=media1&act=download&path=/media/archive1/Opensource/Bugfixes/contrexx_1.0.8/&file=contrexx_v1.0.8_bugfix_27-02-06.zip"
},
{
"name" : "http://www.contrexx.com/?section=news&cmd=details&newsid=54",
"refsource" : "MISC",
"url" : "http://www.contrexx.com/?section=news&cmd=details&newsid=54"
},
{
"name" : "17128",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17128"
},
{
"name" : "ADV-2006-1013",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1013"
},
{
"name" : "19294",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19294"
},
{
"name" : "599",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/599"
},
{
"name" : "contrexx-index-xss(25332)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25332"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://soot.shabgard.org/Contrexx-CMS.txt",
"refsource": "MISC",
"url": "http://soot.shabgard.org/Contrexx-CMS.txt"
},
{
"name": "599",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/599"
},
{
"name": "http://www.contrexx.com/?section=media1&act=download&path=/media/archive1/Opensource/Bugfixes/contrexx_1.0.8/&file=contrexx_v1.0.8_bugfix_27-02-06.zip",
"refsource": "MISC",
"url": "http://www.contrexx.com/?section=media1&act=download&path=/media/archive1/Opensource/Bugfixes/contrexx_1.0.8/&file=contrexx_v1.0.8_bugfix_27-02-06.zip"
},
{
"name": "http://www.contrexx.com/?section=news&cmd=details&newsid=54",
"refsource": "MISC",
"url": "http://www.contrexx.com/?section=news&cmd=details&newsid=54"
},
{
"name": "20060318 Contrexx CMS Xss Vuln",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428075/100/0/threaded"
},
{
"name": "ADV-2006-1013",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1013"
},
{
"name": "contrexx-index-xss(25332)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25332"
},
{
"name": "19294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19294"
},
{
"name": "17128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17128"
}
]
}
}

170
2006/1xxx/CVE-2006-1573.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1573",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter (part of the $page_menu variable)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060330 MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429395/100/0/threaded"
},
{
"name" : "20060516 Re: MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/434419/100/0/threaded"
},
{
"name" : "17323",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17323"
},
{
"name" : "24313",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24313"
},
{
"name" : "657",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/657"
},
{
"name" : "mediaslash-index-file-include(25583)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25583"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter (part of the $page_menu variable)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mediaslash-index-file-include(25583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25583"
},
{
"name": "17323",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17323"
},
{
"name": "20060330 MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429395/100/0/threaded"
},
{
"name": "657",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/657"
},
{
"name": "24313",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24313"
},
{
"name": "20060516 Re: MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434419/100/0/threaded"
}
]
}
}

270
2006/1xxx/CVE-2006-1608.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1608",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060409 copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430461/100/0/threaded"
},
{
"name" : "20060718 new shell bypass safe mode",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440869/100/0/threaded"
},
{
"name" : "20060723 Re: new shell bypass safe mode",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441210/100/0/threaded"
},
{
"name" : "20060408 copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2",
"refsource" : "SREASONRES",
"url" : "http://securityreason.com/achievement_securityalert/37"
},
{
"name" : "http://us.php.net/releases/5_1_3.php",
"refsource" : "CONFIRM",
"url" : "http://us.php.net/releases/5_1_3.php"
},
{
"name" : "MDKSA-2006:074",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:074"
},
{
"name" : "USN-320-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-320-1"
},
{
"name" : "17439",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17439"
},
{
"name" : "ADV-2006-1290",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1290"
},
{
"name" : "24487",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24487"
},
{
"name" : "1015882",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015882"
},
{
"name" : "19599",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19599"
},
{
"name" : "19775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19775"
},
{
"name" : "21125",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21125"
},
{
"name" : "678",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/678"
},
{
"name" : "php-copy-safemode-bypass(25706)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25706"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19775"
},
{
"name": "php-copy-safemode-bypass(25706)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25706"
},
{
"name": "20060718 new shell bypass safe mode",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440869/100/0/threaded"
},
{
"name": "20060408 copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/37"
},
{
"name": "678",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/678"
},
{
"name": "ADV-2006-1290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1290"
},
{
"name": "USN-320-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-320-1"
},
{
"name": "21125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21125"
},
{
"name": "19599",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19599"
},
{
"name": "MDKSA-2006:074",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:074"
},
{
"name": "24487",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24487"
},
{
"name": "20060409 copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430461/100/0/threaded"
},
{
"name": "http://us.php.net/releases/5_1_3.php",
"refsource": "CONFIRM",
"url": "http://us.php.net/releases/5_1_3.php"
},
{
"name": "1015882",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015882"
},
{
"name": "17439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17439"
},
{
"name": "20060723 Re: new shell bypass safe mode",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441210/100/0/threaded"
}
]
}
}

160
2006/1xxx/CVE-2006-1679.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1679",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in modules/online.php in Jupiter CMS 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the layout parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060407 Multiple vulnerability in jupiter CMS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430391/100/0/threaded"
},
{
"name" : "17405",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17405"
},
{
"name" : "ADV-2006-1302",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1302"
},
{
"name" : "19582",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19582"
},
{
"name" : "jupitercm-index-xss(25700)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25700"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in modules/online.php in Jupiter CMS 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the layout parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060407 Multiple vulnerability in jupiter CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430391/100/0/threaded"
},
{
"name": "17405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17405"
},
{
"name": "jupitercm-index-xss(25700)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25700"
},
{
"name": "ADV-2006-1302",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1302"
},
{
"name": "19582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19582"
}
]
}
}

510
2006/1xxx/CVE-2006-1688.json
View File

@ -1,257 +1,257 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1688",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060408 Autonomous LAN party File iNclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430289/100/0/threaded"
},
{
"name" : "20060710 SQuery <= 4.5(libpath) Remote File Inclusion Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439874/100/0/threaded"
},
{
"name" : "20060724 SQuery v.x (devi.php) (armygame.php) Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441015/100/0/threaded"
},
{
"name" : "http://liz0zim.no-ip.org/alp.txt",
"refsource" : "MISC",
"url" : "http://liz0zim.no-ip.org/alp.txt"
},
{
"name" : "http://www.blogcu.com/Liz0ziM/431845/",
"refsource" : "MISC",
"url" : "http://www.blogcu.com/Liz0ziM/431845/"
},
{
"name" : "17434",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17434"
},
{
"name" : "ADV-2006-1284",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1284"
},
{
"name" : "24401",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24401"
},
{
"name" : "24402",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24402"
},
{
"name" : "24403",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24403"
},
{
"name" : "24404",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24404"
},
{
"name" : "24405",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24405"
},
{
"name" : "24406",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24406"
},
{
"name" : "24407",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24407"
},
{
"name" : "24408",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24408"
},
{
"name" : "24421",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24421"
},
{
"name" : "24409",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24409"
},
{
"name" : "24410",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24410"
},
{
"name" : "24411",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24411"
},
{
"name" : "24412",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24412"
},
{
"name" : "24413",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24413"
},
{
"name" : "24414",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24414"
},
{
"name" : "24415",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24415"
},
{
"name" : "24416",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24416"
},
{
"name" : "24417",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24417"
},
{
"name" : "24418",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24418"
},
{
"name" : "24419",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24419"
},
{
"name" : "24420",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24420"
},
{
"name" : "24422",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24422"
},
{
"name" : "24423",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24423"
},
{
"name" : "24424",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24424"
},
{
"name" : "24425",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24425"
},
{
"name" : "24426",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24426"
},
{
"name" : "24427",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24427"
},
{
"name" : "24428",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24428"
},
{
"name" : "24429",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24429"
},
{
"name" : "1015884",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015884"
},
{
"name" : "19482",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19482"
},
{
"name" : "19588",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19588"
},
{
"name" : "679",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/679"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24402",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24402"
},
{
"name": "http://www.blogcu.com/Liz0ziM/431845/",
"refsource": "MISC",
"url": "http://www.blogcu.com/Liz0ziM/431845/"
},
{
"name": "24404",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24404"
},
{
"name": "24411",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24411"
},
{
"name": "ADV-2006-1284",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1284"
},
{
"name": "24403",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24403"
},
{
"name": "24421",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24421"
},
{
"name": "24428",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24428"
},
{
"name": "24407",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24407"
},
{
"name": "24414",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24414"
},
{
"name": "24424",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24424"
},
{
"name": "24425",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24425"
},
{
"name": "24410",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24410"
},
{
"name": "24413",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24413"
},
{
"name": "17434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17434"
},
{
"name": "24412",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24412"
},
{
"name": "24406",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24406"
},
{
"name": "679",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/679"
},
{
"name": "24409",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24409"
},
{
"name": "19588",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19588"
},
{
"name": "24423",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24423"
},
{
"name": "24416",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24416"
},
{
"name": "24408",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24408"
},
{
"name": "24405",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24405"
},
{
"name": "24427",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24427"
},
{
"name": "20060710 SQuery <= 4.5(libpath) Remote File Inclusion Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439874/100/0/threaded"
},
{
"name": "20060408 Autonomous LAN party File iNclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430289/100/0/threaded"
},
{
"name": "24418",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24418"
},
{
"name": "19482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19482"
},
{
"name": "20060724 SQuery v.x (devi.php) (armygame.php) Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441015/100/0/threaded"
},
{
"name": "24426",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24426"
},
{
"name": "24401",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24401"
},
{
"name": "24429",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24429"
},
{
"name": "24422",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24422"
},
{
"name": "24420",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24420"
},
{
"name": "http://liz0zim.no-ip.org/alp.txt",
"refsource": "MISC",
"url": "http://liz0zim.no-ip.org/alp.txt"
},
{
"name": "24419",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24419"
},
{
"name": "1015884",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015884"
},
{
"name": "24417",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24417"
},
{
"name": "24415",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24415"
}
]
}
}

380
2006/4xxx/CVE-2006-4031.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4031",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.mysql.com/bug.php?id=15195",
"refsource" : "MISC",
"url" : "http://bugs.mysql.com/bug.php?id=15195"
},
{
"name" : "https://issues.rpath.com/browse/RPL-568",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-568"
},
{
"name" : "http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html",
"refsource" : "CONFIRM",
"url" : "http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html"
},
{
"name" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html",
"refsource" : "CONFIRM",
"url" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=305214",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name" : "APPLE-SA-2007-03-13",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name" : "MDKSA-2006:149",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:149"
},
{
"name" : "RHSA-2007:0083",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0083.html"
},
{
"name" : "RHSA-2008:0768",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0768.html"
},
{
"name" : "RHSA-2008:0364",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0364.html"
},
{
"name" : "SUSE-SR:2006:023",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_23_sr.html"
},
{
"name" : "USN-338-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-338-1"
},
{
"name" : "TA07-072A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name" : "19279",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19279"
},
{
"name" : "oval:org.mitre.oval:def:10468",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10468"
},
{
"name" : "30351",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30351"
},
{
"name" : "ADV-2006-3079",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3079"
},
{
"name" : "ADV-2007-0930",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name" : "1016617",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016617"
},
{
"name" : "21259",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21259"
},
{
"name" : "21382",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21382"
},
{
"name" : "21685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21685"
},
{
"name" : "21770",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21770"
},
{
"name" : "21627",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21627"
},
{
"name" : "22080",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22080"
},
{
"name" : "24479",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24479"
},
{
"name" : "31226",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31226"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21259"
},
{
"name": "21627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21627"
},
{
"name": "TA07-072A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "SUSE-SR:2006:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html"
},
{
"name": "APPLE-SA-2007-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "ADV-2006-3079",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3079"
},
{
"name": "19279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19279"
},
{
"name": "USN-338-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-338-1"
},
{
"name": "31226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31226"
},
{
"name": "oval:org.mitre.oval:def:10468",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10468"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305214",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "RHSA-2008:0768",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0768.html"
},
{
"name": "21382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21382"
},
{
"name": "MDKSA-2006:149",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:149"
},
{
"name": "22080",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22080"
},
{
"name": "21770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21770"
},
{
"name": "21685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21685"
},
{
"name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html"
},
{
"name": "http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html"
},
{
"name": "1016617",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016617"
},
{
"name": "http://bugs.mysql.com/bug.php?id=15195",
"refsource": "MISC",
"url": "http://bugs.mysql.com/bug.php?id=15195"
},
{
"name": "30351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30351"
},
{
"name": "ADV-2007-0930",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "RHSA-2007:0083",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0083.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-568",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-568"
},
{
"name": "RHSA-2008:0364",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0364.html"
},
{
"name": "24479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24479"
}
]
}
}

200
2006/4xxx/CVE-2006-4312.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4312",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a \"non-random value\" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060823 Unintentional Password Modification Vulnerability in Cisco Firewall Products",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060823-firewall.shtml"
},
{
"name" : "19681",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19681"
},
{
"name" : "ADV-2006-3367",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3367"
},
{
"name" : "28143",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28143"
},
{
"name" : "1016738",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016738"
},
{
"name" : "1016739",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016739"
},
{
"name" : "1016740",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016740"
},
{
"name" : "21616",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21616"
},
{
"name" : "cisco-pix-password-modification(28540)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28540"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a \"non-random value\" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3367",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3367"
},
{
"name": "1016740",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016740"
},
{
"name": "20060823 Unintentional Password Modification Vulnerability in Cisco Firewall Products",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060823-firewall.shtml"
},
{
"name": "19681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19681"
},
{
"name": "28143",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28143"
},
{
"name": "1016738",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016738"
},
{
"name": "1016739",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016739"
},
{
"name": "cisco-pix-password-modification(28540)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28540"
},
{
"name": "21616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21616"
}
]
}
}

210
2006/4xxx/CVE-2006-4537.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4537",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a \"network breakin\" event, which allows local users to obtain passwords by reading the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIECO03-V732.txt",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIECO03-V732.txt"
},
{
"name" : "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V8.2/AXP_DNVOSIECO02-V82.txt",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V8.2/AXP_DNVOSIECO02-V82.txt"
},
{
"name" : "19783",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19783"
},
{
"name" : "ADV-2006-3423",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3423"
},
{
"name" : "28272",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28272"
},
{
"name" : "1016772",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016772"
},
{
"name" : "1017472",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017472"
},
{
"name" : "21705",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21705"
},
{
"name" : "23632",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23632"
},
{
"name" : "openvms-auditlogfile-information-disclosure(28695)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28695"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a \"network breakin\" event, which allows local users to obtain passwords by reading the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017472",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017472"
},
{
"name": "19783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19783"
},
{
"name": "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIECO03-V732.txt",
"refsource": "CONFIRM",
"url": "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIECO03-V732.txt"
},
{
"name": "28272",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28272"
},
{
"name": "21705",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21705"
},
{
"name": "openvms-auditlogfile-information-disclosure(28695)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28695"
},
{
"name": "23632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23632"
},
{
"name": "ADV-2006-3423",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3423"
},
{
"name": "1016772",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016772"
},
{
"name": "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V8.2/AXP_DNVOSIECO02-V82.txt",
"refsource": "CONFIRM",
"url": "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V8.2/AXP_DNVOSIECO02-V82.txt"
}
]
}
}

150
2006/4xxx/CVE-2006-4582.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4582",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2006-4582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2006-76/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2006-76/advisory/"
},
{
"name" : "32559",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32559"
},
{
"name" : "21694",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21694"
},
{
"name" : "theaddressbook-users-csrf(31251)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31251"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2006-76/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-76/advisory/"
},
{
"name": "32559",
"refsource": "OSVDB",
"url": "http://osvdb.org/32559"
},
{
"name": "theaddressbook-users-csrf(31251)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31251"
},
{
"name": "21694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21694"
}
]
}
}

210
2006/4xxx/CVE-2006-4585.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060903 Tr Forum V2.0 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445079/100/0/threaded"
},
{
"name" : "http://acid-root.new.fr/poc/10060903.txt",
"refsource" : "MISC",
"url" : "http://acid-root.new.fr/poc/10060903.txt"
},
{
"name" : "2297",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2297"
},
{
"name" : "19834",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19834"
},
{
"name" : "ADV-2006-3452",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3452"
},
{
"name" : "28545",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28545"
},
{
"name" : "1016788",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016788"
},
{
"name" : "21754",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21754"
},
{
"name" : "1508",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1508"
},
{
"name" : "tr-forum-admin-sql-injection(28753)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28753"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1508",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1508"
},
{
"name": "20060903 Tr Forum V2.0 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445079/100/0/threaded"
},
{
"name": "tr-forum-admin-sql-injection(28753)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28753"
},
{
"name": "ADV-2006-3452",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3452"
},
{
"name": "21754",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21754"
},
{
"name": "28545",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28545"
},
{
"name": "19834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19834"
},
{
"name": "2297",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2297"
},
{
"name": "http://acid-root.new.fr/poc/10060903.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/poc/10060903.txt"
},
{
"name": "1016788",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016788"
}
]
}
}

120
2006/5xxx/CVE-2006-5040.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5040",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in SEF404x (com_sef) for Joomla! has unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://forum.joomla.org/index.php/topic,79477.0.html",
"refsource" : "CONFIRM",
"url" : "http://forum.joomla.org/index.php/topic,79477.0.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in SEF404x (com_sef) for Joomla! has unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.joomla.org/index.php/topic,79477.0.html",
"refsource": "CONFIRM",
"url": "http://forum.joomla.org/index.php/topic,79477.0.html"
}
]
}
}

300
2006/5xxx/CVE-2006-5295.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5295",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to \"read an invalid memory location.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061016 Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=423"
},
{
"name" : "http://kolab.org/security/kolab-vendor-notice-13.txt",
"refsource" : "CONFIRM",
"url" : "http://kolab.org/security/kolab-vendor-notice-13.txt"
},
{
"name" : "DSA-1196",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1196"
},
{
"name" : "GLSA-200610-10",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200610-10.xml"
},
{
"name" : "MDKSA-2006:184",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:184"
},
{
"name" : "SUSE-SA:2006:060",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_60_clamav.html"
},
{
"name" : "20537",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20537"
},
{
"name" : "ADV-2006-4034",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4034"
},
{
"name" : "ADV-2006-4136",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4136"
},
{
"name" : "ADV-2006-4264",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4264"
},
{
"name" : "1017068",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017068"
},
{
"name" : "22370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22370"
},
{
"name" : "22421",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22421"
},
{
"name" : "22498",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22498"
},
{
"name" : "22488",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22488"
},
{
"name" : "22537",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22537"
},
{
"name" : "22551",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22551"
},
{
"name" : "22626",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22626"
},
{
"name" : "clamav-chm-dos(29608)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29608"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to \"read an invalid memory location.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4034",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4034"
},
{
"name": "22488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22488"
},
{
"name": "22370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22370"
},
{
"name": "SUSE-SA:2006:060",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_60_clamav.html"
},
{
"name": "20061016 Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=423"
},
{
"name": "20537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20537"
},
{
"name": "MDKSA-2006:184",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:184"
},
{
"name": "22626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22626"
},
{
"name": "ADV-2006-4136",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4136"
},
{
"name": "clamav-chm-dos(29608)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29608"
},
{
"name": "22421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22421"
},
{
"name": "ADV-2006-4264",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4264"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-13.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-13.txt"
},
{
"name": "GLSA-200610-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200610-10.xml"
},
{
"name": "1017068",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017068"
},
{
"name": "DSA-1196",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1196"
},
{
"name": "22551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22551"
},
{
"name": "22537",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22537"
},
{
"name": "22498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22498"
}
]
}
}

180
2010/0xxx/CVE-2010-0712.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0712",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dev.zenoss.org/trac/changeset/15257",
"refsource" : "MISC",
"url" : "http://dev.zenoss.org/trac/changeset/15257"
},
{
"name" : "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/",
"refsource" : "MISC",
"url" : "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/"
},
{
"name" : "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html",
"refsource" : "CONFIRM",
"url" : "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html"
},
{
"name" : "37802",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37802"
},
{
"name" : "61804",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61804"
},
{
"name" : "38195",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38195"
},
{
"name" : "zenoss-getjsoneventsinfo-sql-injection(55670)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55670"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.zenoss.org/trac/changeset/15257",
"refsource": "MISC",
"url": "http://dev.zenoss.org/trac/changeset/15257"
},
{
"name": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/",
"refsource": "MISC",
"url": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/"
},
{
"name": "61804",
"refsource": "OSVDB",
"url": "http://osvdb.org/61804"
},
{
"name": "37802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37802"
},
{
"name": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html",
"refsource": "CONFIRM",
"url": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html"
},
{
"name": "zenoss-getjsoneventsinfo-sql-injection(55670)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55670"
},
{
"name": "38195",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38195"
}
]
}
}

130
2010/2xxx/CVE-2010-2245.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2245",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[MARC] 20100706 [Important] Wink security advisory CVE-2010-2245",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=wink-user&m=127843482925387&w=2"
},
{
"name" : "https://svn.apache.org/repos/asf/wink/trunk/security/CVE-2010-2245.pdf",
"refsource" : "CONFIRM",
"url" : "https://svn.apache.org/repos/asf/wink/trunk/security/CVE-2010-2245.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://svn.apache.org/repos/asf/wink/trunk/security/CVE-2010-2245.pdf",
"refsource": "CONFIRM",
"url": "https://svn.apache.org/repos/asf/wink/trunk/security/CVE-2010-2245.pdf"
},
{
"name": "[MARC] 20100706 [Important] Wink security advisory CVE-2010-2245",
"refsource": "MLIST",
"url": "http://marc.info/?l=wink-user&m=127843482925387&w=2"
}
]
}
}

150
2010/2xxx/CVE-2010-2515.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2515",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with \"Public Front-end\" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1006-exploits/joomlajfaq-sqlxss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1006-exploits/joomlajfaq-sqlxss.txt"
},
{
"name" : "41029",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41029"
},
{
"name" : "65695",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/65695"
},
{
"name" : "40219",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40219"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with \"Public Front-end\" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41029"
},
{
"name": "65695",
"refsource": "OSVDB",
"url": "http://osvdb.org/65695"
},
{
"name": "40219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40219"
},
{
"name": "http://packetstormsecurity.org/1006-exploits/joomlajfaq-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-exploits/joomlajfaq-sqlxss.txt"
}
]
}
}

140
2010/2xxx/CVE-2010-2557.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2557",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-2557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-053",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053"
},
{
"name" : "TA10-222A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name" : "oval:org.mitre.oval:def:11968",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-222A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "MS10-053",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053"
},
{
"name": "oval:org.mitre.oval:def:11968",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11968"
}
]
}
}

140
2010/2xxx/CVE-2010-2622.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2622",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14127",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14127"
},
{
"name" : "41256",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41256"
},
{
"name" : "joomanager-catid-sql-injection(59945)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59945"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41256",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41256"
},
{
"name": "14127",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14127"
},
{
"name": "joomanager-catid-sql-injection(59945)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59945"
}
]
}
}

150
2010/3xxx/CVE-2010-3021.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3021",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Opera before 10.61 allows remote attackers to cause a denial of service (CPU consumption and application hang) via an animated PNG image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/mac/1061/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/mac/1061/"
},
{
"name" : "http://www.opera.com/docs/changelogs/unix/1061/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/unix/1061/"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/1061/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1061/"
},
{
"name" : "oval:org.mitre.oval:def:11933",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11933"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Opera before 10.61 allows remote attackers to cause a denial of service (CPU consumption and application hang) via an animated PNG image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/docs/changelogs/unix/1061/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1061/"
},
{
"name": "oval:org.mitre.oval:def:11933",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11933"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1061/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1061/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1061/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1061/"
}
]
}
}

120
2010/3xxx/CVE-2010-3049.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3049",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-3049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150825 Chapter: Caveats in Release 12.2(33)SXI Rebuilds",
"refsource" : "CISCO",
"url" : "https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/release/notes/ol_14271/caveats_SXI_rebuilds.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150825 Chapter: Caveats in Release 12.2(33)SXI Rebuilds",
"refsource": "CISCO",
"url": "https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/release/notes/ol_14271/caveats_SXI_rebuilds.html"
}
]
}
}

140
2010/3xxx/CVE-2010-3112.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3112",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=45400",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=45400"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html"
},
{
"name" : "oval:org.mitre.oval:def:11275",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11275"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=45400",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=45400"
},
{
"name": "oval:org.mitre.oval:def:11275",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11275"
}
]
}
}

320
2010/3xxx/CVE-2010-3296.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3296",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name" : "[linux-kernel] 20100911 [PATCH] drivers/net/cxgb3/cxgb3_main.c: prevent reading uninitialized stack memory",
"refsource" : "MLIST",
"url" : "http://lkml.org/lkml/2010/9/11/170"
},
{
"name" : "[oss-security] 20100914 CVE request: kernel: numerous infoleaks",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/14/2"
},
{
"name" : "[oss-security] 20100914 Re: CVE request: kernel: numerous infoleaks",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/14/7"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=49c37c0334a9b85d30ab3d6b5d1acb05ef2ef6de",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=49c37c0334a9b85d30ab3d6b5d1acb05ef2ef6de"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc5",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc5"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=633149",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=633149"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name" : "DSA-2126",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2126"
},
{
"name" : "RHSA-2011:0017",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"name" : "SUSE-SA:2010:050",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html"
},
{
"name" : "SUSE-SA:2010:054",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"
},
{
"name" : "SUSE-SA:2011:007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name" : "USN-1041-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1041-1"
},
{
"name" : "43221",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43221"
},
{
"name" : "41440",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41440"
},
{
"name" : "42758",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42758"
},
{
"name" : "42884",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42884"
},
{
"name" : "46397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46397"
},
{
"name" : "ADV-2011-0070",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0070"
},
{
"name" : "ADV-2011-0298",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0298"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc5"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "RHSA-2011:0017",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"name": "46397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46397"
},
{
"name": "[oss-security] 20100914 Re: CVE request: kernel: numerous infoleaks",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/14/7"
},
{
"name": "[oss-security] 20100914 CVE request: kernel: numerous infoleaks",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/14/2"
},
{
"name": "[linux-kernel] 20100911 [PATCH] drivers/net/cxgb3/cxgb3_main.c: prevent reading uninitialized stack memory",
"refsource": "MLIST",
"url": "http://lkml.org/lkml/2010/9/11/170"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=49c37c0334a9b85d30ab3d6b5d1acb05ef2ef6de",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=49c37c0334a9b85d30ab3d6b5d1acb05ef2ef6de"
},
{
"name": "USN-1041-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1041-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=633149",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=633149"
},
{
"name": "SUSE-SA:2011:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name": "ADV-2011-0298",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0298"
},
{
"name": "SUSE-SA:2010:050",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "42758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42758"
},
{
"name": "42884",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42884"
},
{
"name": "ADV-2011-0070",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0070"
},
{
"name": "SUSE-SA:2010:054",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"
},
{
"name": "41440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41440"
},
{
"name": "43221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43221"
},
{
"name": "DSA-2126",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2126"
}
]
}
}

160
2010/3xxx/CVE-2010-3421.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3421",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in ProductCart 3, 4.1 SP1, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter, a different vector than CVE-2004-2174 and CVE-2005-0995. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.upsploit.com/index.php/advisories/view/UPS-2010-0002",
"refsource" : "MISC",
"url" : "https://www.upsploit.com/index.php/advisories/view/UPS-2010-0002"
},
{
"name" : "43144",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43144"
},
{
"name" : "67938",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/67938"
},
{
"name" : "41394",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41394"
},
{
"name" : "productcart-affiliatelogin-xss(61727)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61727"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in ProductCart 3, 4.1 SP1, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter, a different vector than CVE-2004-2174 and CVE-2005-0995. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.upsploit.com/index.php/advisories/view/UPS-2010-0002",
"refsource": "MISC",
"url": "https://www.upsploit.com/index.php/advisories/view/UPS-2010-0002"
},
{
"name": "67938",
"refsource": "OSVDB",
"url": "http://osvdb.org/67938"
},
{
"name": "43144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43144"
},
{
"name": "productcart-affiliatelogin-xss(61727)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61727"
},
{
"name": "41394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41394"
}
]
}
}

480
2010/3xxx/CVE-2010-3654.json
View File

@ -1,242 +1,242 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3654",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-3654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html",
"refsource" : "MISC",
"url" : "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html"
},
{
"name" : "http://www.adobe.com/support/security/advisories/apsa10-05.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/advisories/apsa10-05.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-26.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-26.html"
},
{
"name" : "http://support.apple.com/kb/HT4435",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4435"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-28.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
},
{
"name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1",
"refsource" : "CONFIRM",
"url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1"
},
{
"name" : "APPLE-SA-2010-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name" : "GLSA-201101-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name" : "GLSA-201101-09",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name" : "RHSA-2010:0829",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0829.html"
},
{
"name" : "RHSA-2010:0834",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0834.html"
},
{
"name" : "RHSA-2010:0934",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
},
{
"name" : "RHSA-2010:0867",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0867.html"
},
{
"name" : "SUSE-SA:2010:058",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
},
{
"name" : "SUSE-SA:2010:055",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"
},
{
"name" : "TLSA-2011-2",
"refsource" : "TURBO",
"url" : "http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt"
},
{
"name" : "VU#298081",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/298081"
},
{
"name" : "44504",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44504"
},
{
"name" : "oval:org.mitre.oval:def:13294",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13294"
},
{
"name" : "1024659",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024659"
},
{
"name" : "1024660",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024660"
},
{
"name" : "41917",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41917"
},
{
"name" : "42030",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42030"
},
{
"name" : "42183",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42183"
},
{
"name" : "42401",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42401"
},
{
"name" : "42926",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42926"
},
{
"name" : "43025",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43025"
},
{
"name" : "43026",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43026"
},
{
"name" : "8210",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8210"
},
{
"name" : "ADV-2010-2903",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2903"
},
{
"name" : "ADV-2010-2906",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2906"
},
{
"name" : "ADV-2010-2918",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2918"
},
{
"name" : "ADV-2010-3111",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3111"
},
{
"name" : "ADV-2011-0173",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0173"
},
{
"name" : "ADV-2011-0191",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0191"
},
{
"name" : "ADV-2011-0192",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name" : "ADV-2011-0344",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0344"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "42183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42183"
},
{
"name": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html",
"refsource": "MISC",
"url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "42030",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42030"
},
{
"name": "ADV-2011-0191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0191"
},
{
"name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1",
"refsource": "CONFIRM",
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1"
},
{
"name": "43025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43025"
},
{
"name": "ADV-2011-0344",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0344"
},
{
"name": "43026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43026"
},
{
"name": "GLSA-201101-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "ADV-2010-2918",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2918"
},
{
"name": "ADV-2010-3111",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3111"
},
{
"name": "41917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41917"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "GLSA-201101-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name": "RHSA-2010:0834",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0834.html"
},
{
"name": "SUSE-SA:2010:055",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"
},
{
"name": "1024660",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024660"
},
{
"name": "42926",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42926"
},
{
"name": "RHSA-2010:0934",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
},
{
"name": "ADV-2010-2903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2903"
},
{
"name": "ADV-2011-0173",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0173"
},
{
"name": "42401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42401"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-26.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"
},
{
"name": "VU#298081",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/298081"
},
{
"name": "1024659",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024659"
},
{
"name": "TLSA-2011-2",
"refsource": "TURBO",
"url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt"
},
{
"name": "44504",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44504"
},
{
"name": "http://www.adobe.com/support/security/advisories/apsa10-05.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa10-05.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-28.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
},
{
"name": "SUSE-SA:2010:058",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
},
{
"name": "8210",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8210"
},
{
"name": "ADV-2010-2906",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2906"
},
{
"name": "RHSA-2010:0867",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0867.html"
},
{
"name": "RHSA-2010:0829",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0829.html"
},
{
"name": "oval:org.mitre.oval:def:13294",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13294"
}
]
}
}

140
2010/4xxx/CVE-2010-4184.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.netsupportsoftware.com/support/td.asp?td=634",
"refsource" : "CONFIRM",
"url" : "http://www.netsupportsoftware.com/support/td.asp?td=634"
},
{
"name" : "VU#465239",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/465239"
},
{
"name" : "netsupport-http-info-disclosure(62984)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62984"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.netsupportsoftware.com/support/td.asp?td=634",
"refsource": "CONFIRM",
"url": "http://www.netsupportsoftware.com/support/td.asp?td=634"
},
{
"name": "VU#465239",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/465239"
},
{
"name": "netsupport-http-info-disclosure(62984)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62984"
}
]
}
}

120
2010/4xxx/CVE-2010-4726.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4726",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unknown impact and remote attack vectors. NOTE: this might overlap CVE-2009-1669."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt",
"refsource" : "CONFIRM",
"url" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unknown impact and remote attack vectors. NOTE: this might overlap CVE-2009-1669."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt",
"refsource": "CONFIRM",
"url": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt"
}
]
}
}

190
2011/1xxx/CVE-2011-1301.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1301",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=75629",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=75629"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
},
{
"name" : "47377",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47377"
},
{
"name" : "oval:org.mitre.oval:def:14509",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14509"
},
{
"name" : "1025377",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025377"
},
{
"name" : "44141",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44141"
},
{
"name" : "ADV-2011-1006",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1006"
},
{
"name" : "chrome-gpu-code-execution(66767)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66767"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-1006",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1006"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=75629",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=75629"
},
{
"name": "1025377",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025377"
},
{
"name": "44141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44141"
},
{
"name": "47377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47377"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
},
{
"name": "chrome-gpu-code-execution(66767)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66767"
},
{
"name": "oval:org.mitre.oval:def:14509",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14509"
}
]
}
}

150
2011/1xxx/CVE-2011-1673.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1673",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#644812",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/644812"
},
{
"name" : "44045",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44045"
},
{
"name" : "ADV-2011-0884",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0884"
},
{
"name" : "prosafe-backupconfig-info-disc(66817)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66817"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "prosafe-backupconfig-info-disc(66817)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66817"
},
{
"name": "VU#644812",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/644812"
},
{
"name": "ADV-2011-0884",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0884"
},
{
"name": "44045",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44045"
}
]
}
}

120
2011/5xxx/CVE-2011-5126.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5126",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.bluecoat.com/index?page=content&id=SA56",
"refsource" : "CONFIRM",
"url" : "https://kb.bluecoat.com/index?page=content&id=SA56"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.bluecoat.com/index?page=content&id=SA56",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content&id=SA56"
}
]
}
}

150
2011/5xxx/CVE-2011-5162.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5162",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the \"ref href\" tag. NOTE: this issue exists because of a CVE-2007-0707 regression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18174",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18174/"
},
{
"name" : "33080",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/33080"
},
{
"name" : "47009",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47009"
},
{
"name" : "gom-asx-bo(71575)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71575"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the \"ref href\" tag. NOTE: this issue exists because of a CVE-2007-0707 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47009",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47009"
},
{
"name": "gom-asx-bo(71575)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71575"
},
{
"name": "18174",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18174/"
},
{
"name": "33080",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/33080"
}
]
}
}

130
2014/10xxx/CVE-2014-10075.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-10075",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The karo gem 2.3.8 for Ruby allows Remote command injection via the host field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vapid.dhs.org/advisories/karo-2.3.8.html",
"refsource" : "MISC",
"url" : "http://www.vapid.dhs.org/advisories/karo-2.3.8.html"
},
{
"name" : "http://www.vapidlabs.com/advisory.php?v=63",
"refsource" : "MISC",
"url" : "http://www.vapidlabs.com/advisory.php?v=63"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The karo gem 2.3.8 for Ruby allows Remote command injection via the host field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=63",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=63"
},
{
"name": "http://www.vapid.dhs.org/advisories/karo-2.3.8.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/karo-2.3.8.html"
}
]
}
}

150
2014/3xxx/CVE-2014-3056.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3056",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677032",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name" : "PI18909",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
},
{
"name" : "60499",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60499"
},
{
"name" : "ibm-wsputl-cve20143056-infodisc(93530)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93530"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60499"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name": "ibm-wsputl-cve20143056-infodisc(93530)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93530"
},
{
"name": "PI18909",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
}
]
}
}

130
2014/3xxx/CVE-2014-3270.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3270",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140519 Cisco IOS XR Software DHCP Version 6 Process Hang Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3270"
},
{
"name" : "1030259",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030259"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140519 Cisco IOS XR Software DHCP Version 6 Process Hang Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3270"
},
{
"name": "1030259",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030259"
}
]
}
}

160
2014/3xxx/CVE-2014-3341.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3341",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35338",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35338"
},
{
"name" : "20140818 Cisco NX-OS Software SNMP Information Disclosure Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3341"
},
{
"name" : "69266",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69266"
},
{
"name" : "1030746",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030746"
},
{
"name" : "cisco-nxos-cve20143341-info-disc(95329)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95329"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35338",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35338"
},
{
"name": "cisco-nxos-cve20143341-info-disc(95329)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95329"
},
{
"name": "69266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69266"
},
{
"name": "20140818 Cisco NX-OS Software SNMP Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3341"
},
{
"name": "1030746",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030746"
}
]
}
}

170
2014/3xxx/CVE-2014-3941.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3941",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to \"Host Spoofing.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/06/03/2"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name" : "DSA-2942",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2942"
},
{
"name" : "openSUSE-SU-2016:2025",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"
},
{
"name" : "openSUSE-SU-2016:2114",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"
},
{
"name" : "openSUSE-SU-2014:0813",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to \"Host Spoofing.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:2025",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"
},
{
"name": "openSUSE-SU-2014:0813",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"name": "DSA-2942",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"name": "openSUSE-SU-2016:2114",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
]
}
}

160
2014/4xxx/CVE-2014-4979.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4979",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-14-264/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-14-264/"
},
{
"name" : "http://support.apple.com/kb/HT6443",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6443"
},
{
"name" : "https://support.apple.com/kb/HT6493",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6493"
},
{
"name" : "68852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68852"
},
{
"name" : "1030638",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030638"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-14-264/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-264/"
},
{
"name": "https://support.apple.com/kb/HT6493",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6493"
},
{
"name": "68852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68852"
},
{
"name": "1030638",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030638"
},
{
"name": "http://support.apple.com/kb/HT6443",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6443"
}
]
}
}

34
2014/8xxx/CVE-2014-8212.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8212",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8212",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

140
2014/8xxx/CVE-2014-8327.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8327",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions for sFTP driver files and folders, which allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-014/",
"refsource" : "MISC",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-014/"
},
{
"name" : "http://typo3.org/extensions/repository/view/fal_sftp",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/fal_sftp"
},
{
"name" : "falsftp-typo3-cve20148327-info-disc(97668)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97668"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions for sFTP driver files and folders, which allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-014/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-014/"
},
{
"name": "falsftp-typo3-cve20148327-info-disc(97668)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97668"
},
{
"name": "http://typo3.org/extensions/repository/view/fal_sftp",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/fal_sftp"
}
]
}
}

140
2014/8xxx/CVE-2014-8375.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8375",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/127833/WordPress-GB-Gallery-Slideshow-1.5-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127833/WordPress-GB-Gallery-Slideshow-1.5-SQL-Injection.html"
},
{
"name" : "http://www.homelab.it/index.php/2014/08/10/wordpress-gb-gallery-slideshow",
"refsource" : "MISC",
"url" : "http://www.homelab.it/index.php/2014/08/10/wordpress-gb-gallery-slideshow"
},
{
"name" : "69181",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69181"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127833/WordPress-GB-Gallery-Slideshow-1.5-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127833/WordPress-GB-Gallery-Slideshow-1.5-SQL-Injection.html"
},
{
"name": "69181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69181"
},
{
"name": "http://www.homelab.it/index.php/2014/08/10/wordpress-gb-gallery-slideshow",
"refsource": "MISC",
"url": "http://www.homelab.it/index.php/2014/08/10/wordpress-gb-gallery-slideshow"
}
]
}
}

34
2014/9xxx/CVE-2014-9067.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9067",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9067",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/9xxx/CVE-2014-9531.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9531",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9531",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2014/9xxx/CVE-2014-9582.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9582",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35585",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35585"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35585",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35585"
}
]
}
}

150
2014/9xxx/CVE-2014-9716.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9716",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WebODF before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via a file name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md",
"refsource" : "CONFIRM",
"url" : "https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md"
},
{
"name" : "https://github.com/kogmbh/WebODF/pull/851",
"refsource" : "CONFIRM",
"url" : "https://github.com/kogmbh/WebODF/pull/851"
},
{
"name" : "https://owncloud.org/security/advisory/?id=oc-sa-2015-002",
"refsource" : "CONFIRM",
"url" : "https://owncloud.org/security/advisory/?id=oc-sa-2015-002"
},
{
"name" : "74577",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74577"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebODF before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via a file name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74577"
},
{
"name": "https://github.com/kogmbh/WebODF/pull/851",
"refsource": "CONFIRM",
"url": "https://github.com/kogmbh/WebODF/pull/851"
},
{
"name": "https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md",
"refsource": "CONFIRM",
"url": "https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-002",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-002"
}
]
}
}

34
2016/2xxx/CVE-2016-2593.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2593",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2593",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

180
2016/2xxx/CVE-2016-2844.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2844",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-2844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html"
},
{
"name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=546849",
"refsource" : "CONFIRM",
"url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=546849"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=591402",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=591402"
},
{
"name" : "https://codereview.chromium.org/1423573002",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/1423573002"
},
{
"name" : "USN-2920-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2920-1"
},
{
"name" : "84170",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84170"
},
{
"name" : "1035185",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035185"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=546849",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=546849"
},
{
"name": "1035185",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035185"
},
{
"name": "84170",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84170"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=591402",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=591402"
},
{
"name": "https://codereview.chromium.org/1423573002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1423573002"
},
{
"name": "USN-2920-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2920-1"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html"
}
]
}
}

346
2016/6xxx/CVE-2016-6072.json
View File

@ -1,175 +1,175 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6072",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Maximo Asset Management",
"version" : {
"version_data" : [
{
"version_value" : "6.2"
},
{
"version_value" : "7.1"
},
{
"version_value" : "7.5"
},
{
"version_value" : "7.5.0.0"
},
{
"version_value" : "7.5.0.10"
},
{
"version_value" : "7.1.0.0"
},
{
"version_value" : "6.2.0.0"
},
{
"version_value" : "7.2"
},
{
"version_value" : "7.1.1"
},
{
"version_value" : "7.1.2"
},
{
"version_value" : "7.2.1"
},
{
"version_value" : "6.2.1"
},
{
"version_value" : "6.2.2"
},
{
"version_value" : "6.2.3"
},
{
"version_value" : "6.2.4"
},
{
"version_value" : "6.2.5"
},
{
"version_value" : "6.2.6"
},
{
"version_value" : "6.2.7"
},
{
"version_value" : "6.2.8"
},
{
"version_value" : "7.1.1.1"
},
{
"version_value" : "7.1.1.10"
},
{
"version_value" : "7.1.1.11"
},
{
"version_value" : "7.1.1.12"
},
{
"version_value" : "7.1.1.2"
},
{
"version_value" : "7.1.1.5"
},
{
"version_value" : "7.1.1.6"
},
{
"version_value" : "7.1.1.7"
},
{
"version_value" : "7.1.1.8"
},
{
"version_value" : "7.1.1.9"
},
{
"version_value" : "7.5.0.1"
},
{
"version_value" : "7.5.0.2"
},
{
"version_value" : "7.5.0.3"
},
{
"version_value" : "7.5.0.4"
},
{
"version_value" : "7.5.0.5"
},
{
"version_value" : "7.6"
},
{
"version_value" : "7.5.0"
},
{
"version_value" : "7.6.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "6.2"
},
{
"version_value": "7.1"
},
{
"version_value": "7.5"
},
{
"version_value": "7.5.0.0"
},
{
"version_value": "7.5.0.10"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "6.2.0.0"
},
{
"version_value": "7.2"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
},
{
"version_value": "7.2.1"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.3"
},
{
"version_value": "6.2.4"
},
{
"version_value": "6.2.5"
},
{
"version_value": "6.2.6"
},
{
"version_value": "6.2.7"
},
{
"version_value": "6.2.8"
},
{
"version_value": "7.1.1.1"
},
{
"version_value": "7.1.1.10"
},
{
"version_value": "7.1.1.11"
},
{
"version_value": "7.1.1.12"
},
{
"version_value": "7.1.1.2"
},
{
"version_value": "7.1.1.5"
},
{
"version_value": "7.1.1.6"
},
{
"version_value": "7.1.1.7"
},
{
"version_value": "7.1.1.8"
},
{
"version_value": "7.1.1.9"
},
{
"version_value": "7.5.0.1"
},
{
"version_value": "7.5.0.2"
},
{
"version_value": "7.5.0.3"
},
{
"version_value": "7.5.0.4"
},
{
"version_value": "7.5.0.5"
},
{
"version_value": "7.6"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.6.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21991893",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21991893"
},
{
"name" : "94355",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94355"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94355"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21991893",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
}
]
}
}

136
2016/6xxx/CVE-2016-6758.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-6758",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. References: QC-CR#1071731."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
},
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name" : "94677",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94677"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. References: QC-CR#1071731."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name": "94677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94677"
}
]
}
}

150
2016/6xxx/CVE-2016-6917.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6917",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4276/~/security-bulletin%3A-nvidia-shield-contains-multiple-vulnerabilities-in",
"refsource" : "CONFIRM",
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4276/~/security-bulletin%3A-nvidia-shield-contains-multiple-vulnerabilities-in"
},
{
"name" : "https://source.android.com/security/bulletin/2016-12-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-12-01"
},
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"name" : "94667",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94667"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4276/~/security-bulletin%3A-nvidia-shield-contains-multiple-vulnerabilities-in",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4276/~/security-bulletin%3A-nvidia-shield-contains-multiple-vulnerabilities-in"
},
{
"name": "https://source.android.com/security/bulletin/2016-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-12-01"
},
{
"name": "94667",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94667"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
}
]
}
}

140
2016/7xxx/CVE-2016-7008.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7008",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-7008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name" : "93496",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93496"
},
{
"name" : "1036986",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name": "93496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93496"
}
]
}
}

130
2016/7xxx/CVE-2016-7102.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a \"special path\" in the C: drive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://owncloud.org/security/advisory/?id=oc-sa-2016-016",
"refsource" : "CONFIRM",
"url" : "https://owncloud.org/security/advisory/?id=oc-sa-2016-016"
},
{
"name" : "92627",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92627"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a \"special path\" in the C: drive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92627",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92627"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-016",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-016"
}
]
}
}

140
2016/7xxx/CVE-2016-7214.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7214",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection mechanism via a crafted application, aka \"Win32k Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-135",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-135"
},
{
"name" : "93991",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93991"
},
{
"name" : "1037251",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037251"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection mechanism via a crafted application, aka \"Win32k Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037251",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037251"
},
{
"name": "MS16-135",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-135"
},
{
"name": "93991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93991"
}
]
}
}