admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:45:07 +00:00
parent 02ec11aeaf
commit 2b266f8eeb
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
70 changed files with 5595 additions and 5595 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2006/0xxx/CVE-2006-0226.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2006-0226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.signedness.org/advisories/sps-0x1.txt",
"refsource" : "MISC",
"url" : "http://www.signedness.org/advisories/sps-0x1.txt"
},
{
"name" : "http://kernelwars.blogspot.com/2007/01/alive.html",
"refsource" : "MISC",
"url" : "http://kernelwars.blogspot.com/2007/01/alive.html"
},
{
"name" : "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson",
"refsource" : "MISC",
"url" : "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson"
},
{
"name" : "FreeBSD-SA-06:05",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc"
},
{
"name" : "16296",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16296"
},
{
"name" : "22537",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22537"
},
{
"name" : "1015518",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015518"
},
{
"name" : "18353",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18353"
},
{
"name" : "bsd-ieee80211-bo(24192)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24192"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015518",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015518"
},
{
"name": "http://kernelwars.blogspot.com/2007/01/alive.html",
"refsource": "MISC",
"url": "http://kernelwars.blogspot.com/2007/01/alive.html"
},
{
"name": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson",
"refsource": "MISC",
"url": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson"
},
{
"name": "FreeBSD-SA-06:05",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc"
},
{
"name": "bsd-ieee80211-bo(24192)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24192"
},
{
"name": "http://www.signedness.org/advisories/sps-0x1.txt",
"refsource": "MISC",
"url": "http://www.signedness.org/advisories/sps-0x1.txt"
},
{
"name": "22537",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22537"
},
{
"name": "16296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16296"
},
{
"name": "18353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18353"
}
]
}
}

190
2006/0xxx/CVE-2006-0307.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DM Primer in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA Server Protection Suite r2, and CA Business Protection Suite r2 allows remote attackers to cause a denial of service (CPU consumption and log file consumption) via unspecified \"unrecognized network messages\" that are not properly handled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060118 CAID 33756 - DM Deployment Common Component Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422381/100/0/threaded"
},
{
"name" : "http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_notice.asp",
"refsource" : "CONFIRM",
"url" : "http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_notice.asp"
},
{
"name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33756",
"refsource" : "CONFIRM",
"url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33756"
},
{
"name" : "16276",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16276"
},
{
"name" : "ADV-2006-0236",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0236"
},
{
"name" : "22529",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22529"
},
{
"name" : "1015504",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015504"
},
{
"name" : "18531",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18531"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DM Primer in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA Server Protection Suite r2, and CA Business Protection Suite r2 allows remote attackers to cause a denial of service (CPU consumption and log file consumption) via unspecified \"unrecognized network messages\" that are not properly handled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22529",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22529"
},
{
"name": "20060118 CAID 33756 - DM Deployment Common Component Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422381/100/0/threaded"
},
{
"name": "ADV-2006-0236",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0236"
},
{
"name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33756",
"refsource": "CONFIRM",
"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33756"
},
{
"name": "18531",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18531"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_notice.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_notice.asp"
},
{
"name": "16276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16276"
},
{
"name": "1015504",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015504"
}
]
}
}

160
2006/0xxx/CVE-2006-0523.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0523",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://community.mybboard.net/showthread.php?tid=6418",
"refsource" : "CONFIRM",
"url" : "http://community.mybboard.net/showthread.php?tid=6418"
},
{
"name" : "ADV-2006-0400",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0400"
},
{
"name" : "22903",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22903"
},
{
"name" : "18678",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18678"
},
{
"name" : "mybb-global-sql-injection(24416)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24416"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mybb-global-sql-injection(24416)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24416"
},
{
"name": "22903",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22903"
},
{
"name": "ADV-2006-0400",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0400"
},
{
"name": "18678",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18678"
},
{
"name": "http://community.mybboard.net/showthread.php?tid=6418",
"refsource": "CONFIRM",
"url": "http://community.mybboard.net/showthread.php?tid=6418"
}
]
}
}

200
2006/0xxx/CVE-2006-0756.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0756",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** dotProject 2.0.1 and earlier leaves (1) phpinfo.php and (2) check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060214 dotproject <= 2.0.1 remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/424957/100/0/threaded"
},
{
"name" : "20060215 Re: dotproject <= 2.0.1 remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425285/100/0/threaded"
},
{
"name" : "16648",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16648"
},
{
"name" : "ADV-2006-0604",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0604"
},
{
"name" : "23207",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23207"
},
{
"name" : "23208",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23208"
},
{
"name" : "18879",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18879"
},
{
"name" : "434",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/434"
},
{
"name" : "dotproject-phpinfo-check-obtain-info(24745)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24745"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** dotProject 2.0.1 and earlier leaves (1) phpinfo.php and (2) check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "434",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/434"
},
{
"name": "20060214 dotproject <= 2.0.1 remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424957/100/0/threaded"
},
{
"name": "23207",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23207"
},
{
"name": "23208",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23208"
},
{
"name": "dotproject-phpinfo-check-obtain-info(24745)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24745"
},
{
"name": "18879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18879"
},
{
"name": "16648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16648"
},
{
"name": "ADV-2006-0604",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0604"
},
{
"name": "20060215 Re: dotproject <= 2.0.1 remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425285/100/0/threaded"
}
]
}
}

130
2006/0xxx/CVE-2006-0834.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0834",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Uniden UIP1868P VoIP Telephone and Router has a default password of admin for the web-based configuration utility, which allows remote attackers to obtain sensitive information on the device such as telephone numbers called, and possibly connect to other hosts. NOTE: it is possible that this password was configured by a reseller, not the original vendor; if so, then this is not a vulnerability in the product."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060216 Uniden UIP1868P (VoIP phone/gateway) default easy-to-guess password vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425362/100/0/threaded"
},
{
"name" : "uniden-uip1868p-default-account(24786)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24786"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uniden UIP1868P VoIP Telephone and Router has a default password of admin for the web-based configuration utility, which allows remote attackers to obtain sensitive information on the device such as telephone numbers called, and possibly connect to other hosts. NOTE: it is possible that this password was configured by a reseller, not the original vendor; if so, then this is not a vulnerability in the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060216 Uniden UIP1868P (VoIP phone/gateway) default easy-to-guess password vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425362/100/0/threaded"
},
{
"name": "uniden-uip1868p-default-account(24786)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24786"
}
]
}
}

180
2006/1xxx/CVE-2006-1073.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1073",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in Daverave Simplog 1.0.2 and earlier allows remote attackers to include or read arbitrary .txt files via the (1) act and (2) blogid parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060304 Simplog <= 1.0.2 Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426769/100/0/threaded"
},
{
"name" : "http://notlegal.ws/simplogsploit.txt",
"refsource" : "MISC",
"url" : "http://notlegal.ws/simplogsploit.txt"
},
{
"name" : "16965",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16965"
},
{
"name" : "ADV-2006-0839",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0839"
},
{
"name" : "19115",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19115"
},
{
"name" : "542",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/542"
},
{
"name" : "simplog-index-traverse-directories(25067)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25067"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Daverave Simplog 1.0.2 and earlier allows remote attackers to include or read arbitrary .txt files via the (1) act and (2) blogid parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "simplog-index-traverse-directories(25067)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25067"
},
{
"name": "ADV-2006-0839",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0839"
},
{
"name": "542",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/542"
},
{
"name": "20060304 Simplog <= 1.0.2 Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426769/100/0/threaded"
},
{
"name": "19115",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19115"
},
{
"name": "http://notlegal.ws/simplogsploit.txt",
"refsource": "MISC",
"url": "http://notlegal.ws/simplogsploit.txt"
},
{
"name": "16965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16965"
}
]
}
}

200
2006/1xxx/CVE-2006-1222.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1222",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427466/100/0/threaded"
},
{
"name" : "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042872.html"
},
{
"name" : "http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf",
"refsource" : "MISC",
"url" : "http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf"
},
{
"name" : "http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2&no=5406",
"refsource" : "CONFIRM",
"url" : "http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2&no=5406"
},
{
"name" : "17075",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17075"
},
{
"name" : "ADV-2006-0944",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0944"
},
{
"name" : "23847",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23847"
},
{
"name" : "19214",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19214"
},
{
"name" : "zeroboard-multiple-fields-xss(25212)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19214",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19214"
},
{
"name": "http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf",
"refsource": "MISC",
"url": "http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf"
},
{
"name": "ADV-2006-0944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0944"
},
{
"name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042872.html"
},
{
"name": "http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2&no=5406",
"refsource": "CONFIRM",
"url": "http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2&no=5406"
},
{
"name": "17075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17075"
},
{
"name": "23847",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23847"
},
{
"name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427466/100/0/threaded"
},
{
"name": "zeroboard-multiple-fields-xss(25212)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25212"
}
]
}
}

150
2006/1xxx/CVE-2006-1231.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1231",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, allows local users to modify arbitrary files via a symlink attack on the c2faxrecv_dbgdatafile.sff temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060307 capi4hylafax insecure manipulation with tmp files",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427084/100/0/threaded"
},
{
"name" : "20060307 capi4hylafax insecure manipulation with tmp files",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=114176689513438&w=2"
},
{
"name" : "17034",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17034"
},
{
"name" : "capi4hylafax-c2faxrecvdbgdatafile-symlink(25262)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25262"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, allows local users to modify arbitrary files via a symlink attack on the c2faxrecv_dbgdatafile.sff temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060307 capi4hylafax insecure manipulation with tmp files",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=114176689513438&w=2"
},
{
"name": "capi4hylafax-c2faxrecvdbgdatafile-symlink(25262)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25262"
},
{
"name": "17034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17034"
},
{
"name": "20060307 capi4hylafax insecure manipulation with tmp files",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427084/100/0/threaded"
}
]
}
}

380
2006/1xxx/CVE-2006-1494.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1494",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061005 rPSA-2006-0182-1 php php-mysql php-pgsql",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447866/100/0/threaded"
},
{
"name" : "20060408 tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2",
"refsource" : "SREASONRES",
"url" : "http://securityreason.com/achievement_securityalert/36"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm"
},
{
"name" : "https://issues.rpath.com/browse/RPL-683",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-683"
},
{
"name" : "MDKSA-2006:074",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:074"
},
{
"name" : "RHSA-2006:0568",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0568.html"
},
{
"name" : "RHSA-2006:0567",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0567.html"
},
{
"name" : "RHSA-2006:0549",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0549.html"
},
{
"name" : "20060701-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U"
},
{
"name" : "SUSE-SA:2006:024",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/05-05-2006.html"
},
{
"name" : "USN-320-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-320-1"
},
{
"name" : "17439",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17439"
},
{
"name" : "oval:org.mitre.oval:def:10196",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10196"
},
{
"name" : "ADV-2006-1290",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1290"
},
{
"name" : "1015881",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015881"
},
{
"name" : "19599",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19599"
},
{
"name" : "21031",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21031"
},
{
"name" : "21135",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21135"
},
{
"name" : "21202",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21202"
},
{
"name" : "21252",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21252"
},
{
"name" : "21723",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21723"
},
{
"name" : "22225",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22225"
},
{
"name" : "19775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19775"
},
{
"name" : "19979",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19979"
},
{
"name" : "21125",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21125"
},
{
"name" : "677",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/677"
},
{
"name" : "php-tempnam-directory-traversal(25705)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25705"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21723",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21723"
},
{
"name": "https://issues.rpath.com/browse/RPL-683",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-683"
},
{
"name": "19775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19775"
},
{
"name": "21252",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21252"
},
{
"name": "21202",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21202"
},
{
"name": "677",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/677"
},
{
"name": "php-tempnam-directory-traversal(25705)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25705"
},
{
"name": "ADV-2006-1290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1290"
},
{
"name": "RHSA-2006:0568",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0568.html"
},
{
"name": "21135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21135"
},
{
"name": "USN-320-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-320-1"
},
{
"name": "20061005 rPSA-2006-0182-1 php php-mysql php-pgsql",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447866/100/0/threaded"
},
{
"name": "19979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19979"
},
{
"name": "RHSA-2006:0549",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0549.html"
},
{
"name": "22225",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22225"
},
{
"name": "21125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21125"
},
{
"name": "19599",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19599"
},
{
"name": "MDKSA-2006:074",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:074"
},
{
"name": "20060408 tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/36"
},
{
"name": "21031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21031"
},
{
"name": "1015881",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015881"
},
{
"name": "RHSA-2006:0567",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0567.html"
},
{
"name": "20060701-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm"
},
{
"name": "oval:org.mitre.oval:def:10196",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10196"
},
{
"name": "17439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17439"
},
{
"name": "SUSE-SA:2006:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/05-05-2006.html"
}
]
}
}

160
2006/1xxx/CVE-2006-1653.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1653",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in loadkernel.php in AngelineCMS 0.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the installPath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060404 [ECHO_ADV_27$2006] AngelineCMS 0.8.1 Installpath Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429983/100/0/threaded"
},
{
"name" : "http://advisories.echo.or.id/adv/adv27-K-159-2006.txt",
"refsource" : "MISC",
"url" : "http://advisories.echo.or.id/adv/adv27-K-159-2006.txt"
},
{
"name" : "17371",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17371"
},
{
"name" : "24610",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24610"
},
{
"name" : "angelinecms-loadkernel-file-include(25658)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25658"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in loadkernel.php in AngelineCMS 0.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the installPath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "angelinecms-loadkernel-file-include(25658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25658"
},
{
"name": "17371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17371"
},
{
"name": "http://advisories.echo.or.id/adv/adv27-K-159-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv27-K-159-2006.txt"
},
{
"name": "20060404 [ECHO_ADV_27$2006] AngelineCMS 0.8.1 Installpath Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429983/100/0/threaded"
},
{
"name": "24610",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24610"
}
]
}
}

190
2006/1xxx/CVE-2006-1889.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the \"Search for\" item (keyword parameter)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060415 Boardsolution <= 1.12 XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431072/100/0/threaded"
},
{
"name" : "17549",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17549"
},
{
"name" : "ADV-2006-1413",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1413"
},
{
"name" : "1015948",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015948"
},
{
"name" : "19654",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19654"
},
{
"name" : "718",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/718"
},
{
"name" : "766",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/766"
},
{
"name" : "boardsolution-index-xss(25805)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25805"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the \"Search for\" item (keyword parameter)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17549"
},
{
"name": "20060415 Boardsolution <= 1.12 XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431072/100/0/threaded"
},
{
"name": "19654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19654"
},
{
"name": "boardsolution-index-xss(25805)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25805"
},
{
"name": "1015948",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015948"
},
{
"name": "ADV-2006-1413",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1413"
},
{
"name": "766",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/766"
},
{
"name": "718",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/718"
}
]
}
}

160
2006/3xxx/CVE-2006-3060.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3060",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) read parameter in index.php, (2) farea parameter in faq.php, and (3) unspecified input fields on the \"My Account\" login page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060609 P.A.I.D v2.2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/436650/100/0/threaded"
},
{
"name" : "ADV-2006-2304",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2304"
},
{
"name" : "20601",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20601"
},
{
"name" : "1108",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1108"
},
{
"name" : "paid--faq-index-login-xss(27157)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27157"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) read parameter in index.php, (2) farea parameter in faq.php, and (3) unspecified input fields on the \"My Account\" login page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060609 P.A.I.D v2.2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436650/100/0/threaded"
},
{
"name": "ADV-2006-2304",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2304"
},
{
"name": "20601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20601"
},
{
"name": "paid--faq-index-login-xss(27157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27157"
},
{
"name": "1108",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1108"
}
]
}
}

180
2006/4xxx/CVE-2006-4002.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4002",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/76748",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/76748"
},
{
"name" : "DSA-1147",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1147"
},
{
"name" : "19325",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19325"
},
{
"name" : "ADV-2006-3138",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3138"
},
{
"name" : "21332",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21332"
},
{
"name" : "21503",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21503"
},
{
"name" : "drupal-usermodule-xss(28184)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28184"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "drupal-usermodule-xss(28184)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28184"
},
{
"name": "ADV-2006-3138",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3138"
},
{
"name": "21503",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21503"
},
{
"name": "DSA-1147",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1147"
},
{
"name": "http://drupal.org/node/76748",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/76748"
},
{
"name": "19325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19325"
},
{
"name": "21332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21332"
}
]
}
}

200
2006/4xxx/CVE-2006-4029.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4029",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060725 [vuln.sg] AGEphone \"sipd.dll\" SIP Packet Handling Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441086/100/100/threaded"
},
{
"name" : "20060725 [vuln.sg] AGEphone \"sipd.dll\" SIP Packet Handling Buffer Overflow",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=115383213602413&w=2"
},
{
"name" : "http://vuln.sg/agephone1381-en.html",
"refsource" : "MISC",
"url" : "http://vuln.sg/agephone1381-en.html"
},
{
"name" : "19148",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19148"
},
{
"name" : "ADV-2006-2959",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2959"
},
{
"name" : "1016577",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016577"
},
{
"name" : "21175",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21175"
},
{
"name" : "1345",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1345"
},
{
"name" : "agephone-sip-bo(27944)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27944"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060725 [vuln.sg] AGEphone \"sipd.dll\" SIP Packet Handling Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441086/100/100/threaded"
},
{
"name": "agephone-sip-bo(27944)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27944"
},
{
"name": "19148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19148"
},
{
"name": "1345",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1345"
},
{
"name": "http://vuln.sg/agephone1381-en.html",
"refsource": "MISC",
"url": "http://vuln.sg/agephone1381-en.html"
},
{
"name": "1016577",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016577"
},
{
"name": "20060725 [vuln.sg] AGEphone \"sipd.dll\" SIP Packet Handling Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=115383213602413&w=2"
},
{
"name": "21175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21175"
},
{
"name": "ADV-2006-2959",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2959"
}
]
}
}

200
2006/4xxx/CVE-2006-4125.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4125",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060806 Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442440/100/0/threaded"
},
{
"name" : "http://www.dc.ds.pg.gda.pl/",
"refsource" : "CONFIRM",
"url" : "http://www.dc.ds.pg.gda.pl/"
},
{
"name" : "http://www.dc.ds.pg.gda.pl/?page=doc&doc=changelog",
"refsource" : "CONFIRM",
"url" : "http://www.dc.ds.pg.gda.pl/?page=doc&doc=changelog"
},
{
"name" : "19369",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19369"
},
{
"name" : "ADV-2006-3181",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3181"
},
{
"name" : "1016641",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016641"
},
{
"name" : "21384",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21384"
},
{
"name" : "1377",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1377"
},
{
"name" : "dconnect-daemon-listenthreadudp-bo(28276)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28276"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060806 Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442440/100/0/threaded"
},
{
"name": "ADV-2006-3181",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3181"
},
{
"name": "21384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21384"
},
{
"name": "1377",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1377"
},
{
"name": "http://www.dc.ds.pg.gda.pl/",
"refsource": "CONFIRM",
"url": "http://www.dc.ds.pg.gda.pl/"
},
{
"name": "19369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19369"
},
{
"name": "1016641",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016641"
},
{
"name": "http://www.dc.ds.pg.gda.pl/?page=doc&doc=changelog",
"refsource": "CONFIRM",
"url": "http://www.dc.ds.pg.gda.pl/?page=doc&doc=changelog"
},
{
"name": "dconnect-daemon-listenthreadudp-bo(28276)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28276"
}
]
}
}

150
2006/4xxx/CVE-2006-4636.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4636",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2310",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2310"
},
{
"name" : "19867",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19867"
},
{
"name" : "ADV-2006-3472",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3472"
},
{
"name" : "21753",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21753"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21753",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21753"
},
{
"name": "2310",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2310"
},
{
"name": "ADV-2006-3472",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3472"
},
{
"name": "19867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19867"
}
]
}
}

210
2006/4xxx/CVE-2006-4819.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4819",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061017 Opera Software Opera Web Browser URL Parsing Heap Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=424"
},
{
"name" : "http://www.opera.com/support/search/supsearch.dml?index=848",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/search/supsearch.dml?index=848"
},
{
"name" : "SUSE-SA:2006:061",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_61_opera.html"
},
{
"name" : "VU#484380",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/484380"
},
{
"name" : "20591",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20591"
},
{
"name" : "ADV-2006-4066",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4066"
},
{
"name" : "1017080",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017080"
},
{
"name" : "22218",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22218"
},
{
"name" : "22509",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22509"
},
{
"name" : "opera-tag-url-bo(29632)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29632"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22509",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22509"
},
{
"name": "SUSE-SA:2006:061",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_61_opera.html"
},
{
"name": "20591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20591"
},
{
"name": "opera-tag-url-bo(29632)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29632"
},
{
"name": "1017080",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017080"
},
{
"name": "VU#484380",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/484380"
},
{
"name": "ADV-2006-4066",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4066"
},
{
"name": "20061017 Opera Software Opera Web Browser URL Parsing Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=424"
},
{
"name": "http://www.opera.com/support/search/supsearch.dml?index=848",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/search/supsearch.dml?index=848"
},
{
"name": "22218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22218"
}
]
}
}

170
2010/2xxx/CVE-2010-2032.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2032",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/digest.php in Caucho Technology Resin Professional 3.1.5, 3.1.10, 4.0.6, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) digest_realm or (2) digest_username parameters. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100518 Caucho Technology Resin digest.php Cross Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511341/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.org/1005-exploits/cauchoresin312-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1005-exploits/cauchoresin312-xss.txt"
},
{
"name" : "40251",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40251"
},
{
"name" : "39839",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39839"
},
{
"name" : "ADV-2010-1201",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1201"
},
{
"name" : "caucho-resin-digest-xss(58733)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58733"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/digest.php in Caucho Technology Resin Professional 3.1.5, 3.1.10, 4.0.6, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) digest_realm or (2) digest_username parameters. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1201",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1201"
},
{
"name": "40251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40251"
},
{
"name": "http://packetstormsecurity.org/1005-exploits/cauchoresin312-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1005-exploits/cauchoresin312-xss.txt"
},
{
"name": "caucho-resin-digest-xss(58733)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58733"
},
{
"name": "20100518 Caucho Technology Resin digest.php Cross Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511341/100/0/threaded"
},
{
"name": "39839",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39839"
}
]
}
}

140
2010/2xxx/CVE-2010-2132.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2132",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1 beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) forum/admin.php and (2) plotgraph/index.php in admin/modules/modules/, and (3) admin_user/mod_admuser.php and (4) ogroup/mod_group.php in admin/modules/user_account/, different vectors than CVE-2007-1446."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.packetstormsecurity.com/1002-exploits/oes-rfi.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.com/1002-exploits/oes-rfi.txt"
},
{
"name" : "38449",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38449"
},
{
"name" : "oes-confincludepath-file-include(56590)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56590"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1 beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) forum/admin.php and (2) plotgraph/index.php in admin/modules/modules/, and (3) admin_user/mod_admuser.php and (4) ogroup/mod_group.php in admin/modules/user_account/, different vectors than CVE-2007-1446."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.packetstormsecurity.com/1002-exploits/oes-rfi.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1002-exploits/oes-rfi.txt"
},
{
"name": "oes-confincludepath-file-include(56590)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56590"
},
{
"name": "38449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38449"
}
]
}
}

150
2010/3xxx/CVE-2010-3012.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-3012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02568",
"refsource" : "HP",
"url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"name" : "SSRT100219",
"refsource" : "HP",
"url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"name" : "41480",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41480"
},
{
"name" : "41490",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41490"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41490",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41490"
},
{
"name": "HPSBMA02568",
"refsource": "HP",
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"name": "SSRT100219",
"refsource": "HP",
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"name": "41480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41480"
}
]
}
}

140
2010/3xxx/CVE-2010-3096.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via \"..\\\" (dot dot backslash) sequences in a filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100813 Directory Traversal in SoftX FTP Client",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513085/100/0/threaded"
},
{
"name" : "http://www.htbridge.ch/advisory/directory_traversal_in_softx_ftp_client.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/directory_traversal_in_softx_ftp_client.html"
},
{
"name" : "40973",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40973"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via \"..\\\" (dot dot backslash) sequences in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40973",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40973"
},
{
"name": "20100813 Directory Traversal in SoftX FTP Client",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513085/100/0/threaded"
},
{
"name": "http://www.htbridge.ch/advisory/directory_traversal_in_softx_ftp_client.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/directory_traversal_in_softx_ftp_client.html"
}
]
}
}

160
2010/3xxx/CVE-2010-3149.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3149",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0(376), 3.0.1.0 (3027), and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse qtcf.dll that is located in the same folder as an ADCP file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100825 Adobe Device Central CS5 DLL Hijacking Exploit (qtcf.dll)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513323/100/0/threaded"
},
{
"name" : "14755",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14755/"
},
{
"name" : "67533",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/67533"
},
{
"name" : "41118",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41118"
},
{
"name" : "ADV-2010-2196",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2196"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0(376), 3.0.1.0 (3027), and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse qtcf.dll that is located in the same folder as an ADCP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2196",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2196"
},
{
"name": "20100825 Adobe Device Central CS5 DLL Hijacking Exploit (qtcf.dll)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513323/100/0/threaded"
},
{
"name": "41118",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41118"
},
{
"name": "67533",
"refsource": "OSVDB",
"url": "http://osvdb.org/67533"
},
{
"name": "14755",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14755/"
}
]
}
}

170
2010/3xxx/CVE-2010-3328.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3328",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-197/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-197/"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100113324",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100113324"
},
{
"name" : "MS10-071",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071"
},
{
"name" : "TA10-285A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name" : "43705",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43705"
},
{
"name" : "oval:org.mitre.oval:def:7059",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7059"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS10-071",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-197/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-197/"
},
{
"name": "43705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43705"
},
{
"name": "oval:org.mitre.oval:def:7059",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7059"
},
{
"name": "TA10-285A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100113324",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100113324"
}
]
}
}

310
2010/4xxx/CVE-2010-4163.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4163",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101110 CVE request: kernel: Multiple DoS issues in block layer",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/11/10/18"
},
{
"name" : "[oss-security] 20101112 Re: CVE request: kernel: Multiple DoS issues in block layer",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/11/12/2"
},
{
"name" : "[oss-security] 20101129 Re: CVE request: kernel: Multiple DoS issues in block layer",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/11/29/1"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9284bcf4e335e5f18a8bc7b26461c33ab60d0689",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9284bcf4e335e5f18a8bc7b26461c33ab60d0689"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=652957",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=652957"
},
{
"name" : "MDVSA-2011:029",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
},
{
"name" : "RHSA-2011:0007",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name" : "SUSE-SA:2011:001",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
},
{
"name" : "SUSE-SA:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
},
{
"name" : "SUSE-SA:2011:004",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html"
},
{
"name" : "SUSE-SA:2011:007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name" : "44793",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44793"
},
{
"name" : "42778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42778"
},
{
"name" : "42801",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42801"
},
{
"name" : "42932",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42932"
},
{
"name" : "42890",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42890"
},
{
"name" : "ADV-2011-0012",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0012"
},
{
"name" : "ADV-2011-0124",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0124"
},
{
"name" : "ADV-2011-0298",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0298"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2011:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html"
},
{
"name": "42778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42778"
},
{
"name": "42801",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42801"
},
{
"name": "SUSE-SA:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
},
{
"name": "44793",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44793"
},
{
"name": "SUSE-SA:2011:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
},
{
"name": "42932",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42932"
},
{
"name": "RHSA-2011:0007",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9284bcf4e335e5f18a8bc7b26461c33ab60d0689",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9284bcf4e335e5f18a8bc7b26461c33ab60d0689"
},
{
"name": "[oss-security] 20101129 Re: CVE request: kernel: Multiple DoS issues in block layer",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/11/29/1"
},
{
"name": "ADV-2011-0124",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0124"
},
{
"name": "[oss-security] 20101110 CVE request: kernel: Multiple DoS issues in block layer",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/11/10/18"
},
{
"name": "SUSE-SA:2011:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name": "[oss-security] 20101112 Re: CVE request: kernel: Multiple DoS issues in block layer",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/11/12/2"
},
{
"name": "ADV-2011-0298",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0298"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2"
},
{
"name": "42890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42890"
},
{
"name": "ADV-2011-0012",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0012"
},
{
"name": "MDVSA-2011:029",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=652957",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=652957"
}
]
}
}

220
2010/4xxx/CVE-2010-4259.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4259",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15732",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15732"
},
{
"name" : "[oss-security] 20101202 CVE Request -- FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/02/5"
},
{
"name" : "[oss-security] 20101202 Re: CVE Request -- FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/02/8"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605537",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605537"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=659359",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=659359"
},
{
"name" : "DSA-2253",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2253"
},
{
"name" : "FEDORA-2010-18573",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052201.html"
},
{
"name" : "FEDORA-2010-18577",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052219.html"
},
{
"name" : "45162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45162"
},
{
"name" : "42577",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42577"
},
{
"name" : "ADV-2010-3200",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3200"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45162"
},
{
"name": "[oss-security] 20101202 Re: CVE Request -- FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/02/8"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605537",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605537"
},
{
"name": "DSA-2253",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2253"
},
{
"name": "FEDORA-2010-18577",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052219.html"
},
{
"name": "42577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42577"
},
{
"name": "FEDORA-2010-18573",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052201.html"
},
{
"name": "[oss-security] 20101202 CVE Request -- FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/02/5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=659359",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=659359"
},
{
"name": "15732",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15732"
},
{
"name": "ADV-2010-3200",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3200"
}
]
}
}

190
2010/4xxx/CVE-2010-4578.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to \"stale pointers.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=64959",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=64959"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html"
},
{
"name" : "DSA-2188",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2188"
},
{
"name" : "GLSA-201012-01",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml"
},
{
"name" : "SUSE-SR:2011:009",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name" : "45390",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45390"
},
{
"name" : "oval:org.mitre.oval:def:14323",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14323"
},
{
"name" : "42648",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42648"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to \"stale pointers.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "42648",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42648"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=64959",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=64959"
},
{
"name": "45390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45390"
},
{
"name": "oval:org.mitre.oval:def:14323",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14323"
},
{
"name": "DSA-2188",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2188"
},
{
"name": "GLSA-201012-01",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml"
}
]
}
}

180
2010/4xxx/CVE-2010-4631.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4631",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15448",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15448"
},
{
"name" : "20101107 ASPilot Pilot Cart 7.3 multiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=128913521908405&w=2"
},
{
"name" : "http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html",
"refsource" : "MISC",
"url" : "http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html"
},
{
"name" : "http://packetstormsecurity.org/1011-exploits/aspilotpilotcart-sqlxssinject.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1011-exploits/aspilotpilotcart-sqlxssinject.txt"
},
{
"name" : "44698",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44698"
},
{
"name" : "30176",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30176"
},
{
"name" : "pilotcart-multiple-xss(63053)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63053"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30176"
},
{
"name": "http://packetstormsecurity.org/1011-exploits/aspilotpilotcart-sqlxssinject.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1011-exploits/aspilotpilotcart-sqlxssinject.txt"
},
{
"name": "pilotcart-multiple-xss(63053)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63053"
},
{
"name": "http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html",
"refsource": "MISC",
"url": "http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html"
},
{
"name": "15448",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15448"
},
{
"name": "44698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44698"
},
{
"name": "20101107 ASPilot Pilot Cart 7.3 multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=128913521908405&w=2"
}
]
}
}

130
2010/4xxx/CVE-2010-4839.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4839",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15513",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15513"
},
{
"name" : "42265",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42265"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42265"
},
{
"name": "15513",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15513"
}
]
}
}

230
2011/1xxx/CVE-2011-1577.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110413 [PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517477/100/0/threaded"
},
{
"name" : "[mm-commits] 20110412 + fs-partitions-efic-corrupted-guid-partition-tables-can-cause-kernel-oops.patch added to -mm tree",
"refsource" : "MLIST",
"url" : "http://www.spinics.net/lists/mm-commits/msg83274.html"
},
{
"name" : "[oss-security] 20110412 CVE Request: kernel: fs/partitions: Corrupted GUID partition tables can cause kernel oops",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/12/17"
},
{
"name" : "[oss-security] 20110413 Re: CVE Request: kernel: fs/partitions: Corrupted GUID partition tables can cause kernel oops",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/13/1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=695976",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=695976"
},
{
"name" : "http://downloads.avaya.com/css/P8/documents/100145416",
"refsource" : "CONFIRM",
"url" : "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"name" : "FEDORA-2011-7823",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html"
},
{
"name" : "RHSA-2011:0833",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"name" : "47343",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47343"
},
{
"name" : "1025355",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025355"
},
{
"name" : "8238",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8238"
},
{
"name" : "kernel-guid-dos(66773)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66773"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "kernel-guid-dos(66773)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66773"
},
{
"name": "1025355",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025355"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=695976",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=695976"
},
{
"name": "[oss-security] 20110413 Re: CVE Request: kernel: fs/partitions: Corrupted GUID partition tables can cause kernel oops",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/13/1"
},
{
"name": "47343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47343"
},
{
"name": "RHSA-2011:0833",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"name": "FEDORA-2011-7823",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html"
},
{
"name": "8238",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8238"
},
{
"name": "20110413 [PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517477/100/0/threaded"
},
{
"name": "[mm-commits] 20110412 + fs-partitions-efic-corrupted-guid-partition-tables-can-cause-kernel-oops.patch added to -mm tree",
"refsource": "MLIST",
"url": "http://www.spinics.net/lists/mm-commits/msg83274.html"
},
{
"name": "http://downloads.avaya.com/css/P8/documents/100145416",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"name": "[oss-security] 20110412 CVE Request: kernel: fs/partitions: Corrupted GUID partition tables can cause kernel oops",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/12/17"
}
]
}
}

170
2011/1xxx/CVE-2011-1724.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1724",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Virtual Server Environment before 6.3 allows remote authenticated users to gain privileges via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-1724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02665",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130339296506866&w=2"
},
{
"name" : "SSRT100185",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130339296506866&w=2"
},
{
"name" : "1025429",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025429"
},
{
"name" : "44227",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44227"
},
{
"name" : "8239",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8239"
},
{
"name" : "ADV-2011-1065",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1065"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Virtual Server Environment before 6.3 allows remote authenticated users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMA02665",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130339296506866&w=2"
},
{
"name": "44227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44227"
},
{
"name": "1025429",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025429"
},
{
"name": "8239",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8239"
},
{
"name": "ADV-2011-1065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1065"
},
{
"name": "SSRT100185",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130339296506866&w=2"
}
]
}
}

190
2011/1xxx/CVE-2011-1882.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1882",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/css/P8/documents/100144947",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100144947"
},
{
"name" : "MS11-054",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054"
},
{
"name" : "TA11-193A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
},
{
"name" : "48594",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48594"
},
{
"name" : "73782",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/73782"
},
{
"name" : "oval:org.mitre.oval:def:12738",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12738"
},
{
"name" : "1025761",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025761"
},
{
"name" : "45186",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45186"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Use After Free Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73782",
"refsource": "OSVDB",
"url": "http://osvdb.org/73782"
},
{
"name": "MS11-054",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054"
},
{
"name": "http://support.avaya.com/css/P8/documents/100144947",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100144947"
},
{
"name": "TA11-193A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
},
{
"name": "oval:org.mitre.oval:def:12738",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12738"
},
{
"name": "45186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45186"
},
{
"name": "1025761",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025761"
},
{
"name": "48594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48594"
}
]
}
}

120
2011/5xxx/CVE-2011-5100.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5100",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10015",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10015"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10015",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10015"
}
]
}
}

160
2011/5xxx/CVE-2011-5168.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5168",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17919",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17919"
},
{
"name" : "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme",
"refsource" : "CONFIRM",
"url" : "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
},
{
"name" : "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit",
"refsource" : "CONFIRM",
"url" : "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
},
{
"name" : "49903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49903"
},
{
"name" : "83882",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/83882"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17919",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17919"
},
{
"name": "83882",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/83882"
},
{
"name": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme",
"refsource": "CONFIRM",
"url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
},
{
"name": "49903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49903"
},
{
"name": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit",
"refsource": "CONFIRM",
"url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
}
]
}
}

190
2011/5xxx/CVE-2011-5214.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5214",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_browser_crm.html",
"refsource" : "MISC",
"url" : "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_browser_crm.html"
},
{
"name" : "77728",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77728"
},
{
"name" : "77729",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77729"
},
{
"name" : "77730",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77730"
},
{
"name" : "77731",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77731"
},
{
"name" : "77732",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77732"
},
{
"name" : "47217",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47217"
},
{
"name" : "browsercrm-multiple-xss(71827)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71827"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77728",
"refsource": "OSVDB",
"url": "http://osvdb.org/77728"
},
{
"name": "77731",
"refsource": "OSVDB",
"url": "http://osvdb.org/77731"
},
{
"name": "77729",
"refsource": "OSVDB",
"url": "http://osvdb.org/77729"
},
{
"name": "browsercrm-multiple-xss(71827)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71827"
},
{
"name": "77730",
"refsource": "OSVDB",
"url": "http://osvdb.org/77730"
},
{
"name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_browser_crm.html",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_browser_crm.html"
},
{
"name": "77732",
"refsource": "OSVDB",
"url": "http://osvdb.org/77732"
},
{
"name": "47217",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47217"
}
]
}
}

140
2014/3xxx/CVE-2014-3014.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3014",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671201",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671201"
},
{
"name" : "67597",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67597"
},
{
"name" : "sametime-cve20143014-xss(93025)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93025"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sametime-cve20143014-xss(93025)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93025"
},
{
"name": "67597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67597"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201"
}
]
}
}

160
2014/3xxx/CVE-2014-3189.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3189",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-3189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html"
},
{
"name" : "https://codereview.chromium.org/519873002/",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/519873002/"
},
{
"name" : "https://crbug.com/398384",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/398384"
},
{
"name" : "RHSA-2014:1626",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1626.html"
},
{
"name" : "70273",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70273"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codereview.chromium.org/519873002/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/519873002/"
},
{
"name": "RHSA-2014:1626",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html"
},
{
"name": "https://crbug.com/398384",
"refsource": "CONFIRM",
"url": "https://crbug.com/398384"
},
{
"name": "70273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70273"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html"
}
]
}
}

170
2014/3xxx/CVE-2014-3682.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3682",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/droolsjbpm/jbpm-designer/commit/5641588c730cc75dc3b76c34b76271fbd407fb84",
"refsource" : "CONFIRM",
"url" : "https://github.com/droolsjbpm/jbpm-designer/commit/5641588c730cc75dc3b76c34b76271fbd407fb84"
},
{
"name" : "https://github.com/droolsjbpm/jbpm-designer/commit/69d8f6b7a099594bd0536f88d528753875857088",
"refsource" : "CONFIRM",
"url" : "https://github.com/droolsjbpm/jbpm-designer/commit/69d8f6b7a099594bd0536f88d528753875857088"
},
{
"name" : "https://github.com/droolsjbpm/jbpm-designer/commit/be3968d51299f6de0011324be60223ede49ecb1c",
"refsource" : "CONFIRM",
"url" : "https://github.com/droolsjbpm/jbpm-designer/commit/be3968d51299f6de0011324be60223ede49ecb1c"
},
{
"name" : "https://github.com/droolsjbpm/jbpm-designer/commit/e4691214a100718c3b1c9b93d4db466672ba0be3",
"refsource" : "CONFIRM",
"url" : "https://github.com/droolsjbpm/jbpm-designer/commit/e4691214a100718c3b1c9b93d4db466672ba0be3"
},
{
"name" : "RHSA-2015:0234",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0234.html"
},
{
"name" : "RHSA-2015:0235",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0235.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/droolsjbpm/jbpm-designer/commit/5641588c730cc75dc3b76c34b76271fbd407fb84",
"refsource": "CONFIRM",
"url": "https://github.com/droolsjbpm/jbpm-designer/commit/5641588c730cc75dc3b76c34b76271fbd407fb84"
},
{
"name": "RHSA-2015:0234",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0234.html"
},
{
"name": "RHSA-2015:0235",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0235.html"
},
{
"name": "https://github.com/droolsjbpm/jbpm-designer/commit/69d8f6b7a099594bd0536f88d528753875857088",
"refsource": "CONFIRM",
"url": "https://github.com/droolsjbpm/jbpm-designer/commit/69d8f6b7a099594bd0536f88d528753875857088"
},
{
"name": "https://github.com/droolsjbpm/jbpm-designer/commit/e4691214a100718c3b1c9b93d4db466672ba0be3",
"refsource": "CONFIRM",
"url": "https://github.com/droolsjbpm/jbpm-designer/commit/e4691214a100718c3b1c9b93d4db466672ba0be3"
},
{
"name": "https://github.com/droolsjbpm/jbpm-designer/commit/be3968d51299f6de0011324be60223ede49ecb1c",
"refsource": "CONFIRM",
"url": "https://github.com/droolsjbpm/jbpm-designer/commit/be3968d51299f6de0011324be60223ede49ecb1c"
}
]
}
}

130
2014/3xxx/CVE-2014-3735.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3735",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers to cause a denial of service (crash) via a crafted .avi file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/126640/Intel-Ideo-Video-4.5-Memory-Corruption.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/126640/Intel-Ideo-Video-4.5-Memory-Corruption.html"
},
{
"name" : "67431",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67431"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers to cause a denial of service (crash) via a crafted .avi file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126640/Intel-Ideo-Video-4.5-Memory-Corruption.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126640/Intel-Ideo-Video-4.5-Memory-Corruption.html"
},
{
"name": "67431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67431"
}
]
}
}

130
2014/3xxx/CVE-2014-3820.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3820",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10645",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10645"
},
{
"name" : "1030852",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030852"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10645",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10645"
},
{
"name": "1030852",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030852"
}
]
}
}

34
2014/3xxx/CVE-2014-3874.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3874",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3874",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/7xxx/CVE-2014-7434.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7434",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The RTSinfo (aka ch.rts.rtsinfo) application 1.4.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#200577",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/200577"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RTSinfo (aka ch.rts.rtsinfo) application 1.4.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#200577",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/200577"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7439.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7439",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bene+ odmeny a slevy (aka cz.gemoney.bene.android) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#356865",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/356865"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bene+ odmeny a slevy (aka cz.gemoney.bene.android) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#356865",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/356865"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

150
2014/7xxx/CVE-2014-7846.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7846",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions via an AJAX request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141117 Moodle security issues are now public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/11/17/11"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47965",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47965"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=275157",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=275157"
},
{
"name" : "1031215",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031215"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions via an AJAX request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031215"
},
{
"name": "[oss-security] 20141117 Moodle security issues are now public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/11/17/11"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47965",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47965"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=275157",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=275157"
}
]
}
}

34
2014/8xxx/CVE-2014-8229.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8229",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8229",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

160
2014/8xxx/CVE-2014-8333.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8333",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[openstack-announce] 20141021 [OSSA 2014-037] Nova VMware instance in resize state may leak (CVE-2014-8333)",
"refsource" : "MLIST",
"url" : "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html"
},
{
"name" : "https://bugs.launchpad.net/nova/+bug/1359138",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/nova/+bug/1359138"
},
{
"name" : "RHSA-2015:0843",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0843.html"
},
{
"name" : "RHSA-2015:0844",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0844.html"
},
{
"name" : "60531",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60531"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60531",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60531"
},
{
"name": "https://bugs.launchpad.net/nova/+bug/1359138",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/nova/+bug/1359138"
},
{
"name": "RHSA-2015:0844",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html"
},
{
"name": "[openstack-announce] 20141021 [OSSA 2014-037] Nova VMware instance in resize state may leak (CVE-2014-8333)",
"refsource": "MLIST",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html"
},
{
"name": "RHSA-2015:0843",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html"
}
]
}
}

120
2014/8xxx/CVE-2014-8452.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8452",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2014-8452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://helpx.adobe.com/security/products/reader/apsb14-28.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/reader/apsb14-28.html"
}
]
}
}

280
2014/8xxx/CVE-2014-8502.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8502",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141031 Re: strings / libbfd crasher",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/31/1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1162594",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1162594"
},
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17512",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17512"
},
{
"name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "FEDORA-2014-14838",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html"
},
{
"name" : "FEDORA-2014-14963",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html"
},
{
"name" : "FEDORA-2014-14995",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html"
},
{
"name" : "FEDORA-2014-17586",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html"
},
{
"name" : "FEDORA-2014-17603",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html"
},
{
"name" : "FEDORA-2015-0471",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html"
},
{
"name" : "GLSA-201612-24",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-24"
},
{
"name" : "MDVSA-2015:029",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029"
},
{
"name" : "USN-2496-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2496-1"
},
{
"name" : "70869",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70869"
},
{
"name" : "62241",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62241"
},
{
"name" : "62746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62746"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62241"
},
{
"name": "MDVSA-2015:029",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029"
},
{
"name": "70869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70869"
},
{
"name": "USN-2496-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2496-1"
},
{
"name": "FEDORA-2014-14995",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1162594",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1162594"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17512",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17512"
},
{
"name": "FEDORA-2014-17603",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html"
},
{
"name": "FEDORA-2014-14963",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html"
},
{
"name": "FEDORA-2015-0471",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html"
},
{
"name": "62746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62746"
},
{
"name": "[oss-security] 20141031 Re: strings / libbfd crasher",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/31/1"
},
{
"name": "FEDORA-2014-14838",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html"
},
{
"name": "FEDORA-2014-17586",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html"
},
{
"name": "GLSA-201612-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-24"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339",
"refsource": "CONFIRM",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339"
}
]
}
}

130
2014/8xxx/CVE-2014-8512.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
},
{
"name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01",
"refsource" : "CONFIRM",
"url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
}
]
}
}

150
2014/8xxx/CVE-2014-8668.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8668",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource" : "MISC",
"url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
},
{
"name" : "http://service.sap.com/sap/support/notes/0002022179",
"refsource" : "MISC",
"url" : "http://service.sap.com/sap/support/notes/0002022179"
},
{
"name" : "71032",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71032"
},
{
"name" : "sap-contract-cve20148668-sql-injection(98612)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98612"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "71032",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71032"
},
{
"name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource": "MISC",
"url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
},
{
"name": "http://service.sap.com/sap/support/notes/0002022179",
"refsource": "MISC",
"url": "http://service.sap.com/sap/support/notes/0002022179"
},
{
"name": "sap-contract-cve20148668-sql-injection(98612)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98612"
}
]
}
}

34
2014/9xxx/CVE-2014-9009.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9009",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9009",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/9xxx/CVE-2014-9141.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9141",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35423",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35423"
},
{
"name" : "http://www.information-paradox.net/2014/12/cve-2014-9141-thomson-reuters-fixed.html",
"refsource" : "MISC",
"url" : "http://www.information-paradox.net/2014/12/cve-2014-9141-thomson-reuters-fixed.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35423",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35423"
},
{
"name": "http://www.information-paradox.net/2014/12/cve-2014-9141-thomson-reuters-fixed.html",
"refsource": "MISC",
"url": "http://www.information-paradox.net/2014/12/cve-2014-9141-thomson-reuters-fixed.html"
}
]
}
}

220
2014/9xxx/CVE-2014-9620.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9620",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[File] 20141216 file 5.21 is now available",
"refsource" : "MLIST",
"url" : "http://mx.gw.com/pipermail/file/2014/001653.html"
},
{
"name" : "[File] 20150102 file 5.22 is now available",
"refsource" : "MLIST",
"url" : "http://mx.gw.com/pipermail/file/2015/001660.html"
},
{
"name" : "[oss-security] 20150117 Re: CVE request: file(1) DoS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/17/9"
},
{
"name" : "https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4",
"refsource" : "CONFIRM",
"url" : "https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4"
},
{
"name" : "http://advisories.mageia.org/MGASA-2015-0040.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2015-0040.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "DSA-3121",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3121"
},
{
"name" : "GLSA-201503-08",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201503-08"
},
{
"name" : "RHSA-2016:0760",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
},
{
"name" : "USN-3686-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3686-1/"
},
{
"name" : "71715",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71715"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150117 Re: CVE request: file(1) DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/17/9"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "USN-3686-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3686-1/"
},
{
"name": "RHSA-2016:0760",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
},
{
"name": "https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4",
"refsource": "CONFIRM",
"url": "https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4"
},
{
"name": "[File] 20150102 file 5.22 is now available",
"refsource": "MLIST",
"url": "http://mx.gw.com/pipermail/file/2015/001660.html"
},
{
"name": "71715",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71715"
},
{
"name": "[File] 20141216 file 5.21 is now available",
"refsource": "MLIST",
"url": "http://mx.gw.com/pipermail/file/2014/001653.html"
},
{
"name": "DSA-3121",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3121"
},
{
"name": "GLSA-201503-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-08"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0040.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0040.html"
}
]
}
}

150
2014/9xxx/CVE-2014-9825.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9825",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141224 Imagemagick fuzzing bug",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1"
},
{
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=69490f5cffbda612e15a2985699455bb0b45e276",
"refsource" : "CONFIRM",
"url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=69490f5cffbda612e15a2985699455bb0b45e276"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343481",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "[oss-security] 20141224 Imagemagick fuzzing bug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/24/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343481",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343481"
},
{
"name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=69490f5cffbda612e15a2985699455bb0b45e276",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=69490f5cffbda612e15a2985699455bb0b45e276"
}
]
}
}

130
2016/2xxx/CVE-2016-2024.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2024",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HPE Insight Control before 7.5.1 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05158380",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05158380"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Insight Control before 7.5.1 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05158380",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05158380"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"
}
]
}
}

300
2016/2xxx/CVE-2016-2187.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2187",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=162f98dea487206d9ab79fc12ed64700667a894d",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=162f98dea487206d9ab79fc12ed64700667a894d"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1317017",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1317017"
},
{
"name" : "https://github.com/torvalds/linux/commit/162f98dea487206d9ab79fc12ed64700667a894d",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/162f98dea487206d9ab79fc12ed64700667a894d"
},
{
"name" : "DSA-3607",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3607"
},
{
"name" : "SUSE-SU-2016:1672",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name" : "SUSE-SU-2016:1985",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name" : "USN-2996-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name" : "USN-2997-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name" : "USN-2989-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name" : "USN-2998-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"name" : "USN-3000-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name" : "USN-3001-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name" : "USN-3002-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name" : "USN-3003-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name" : "USN-3004-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name" : "USN-3005-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name" : "USN-3006-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name" : "USN-3007-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name" : "85425",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/85425"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name": "https://github.com/torvalds/linux/commit/162f98dea487206d9ab79fc12ed64700667a894d",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/162f98dea487206d9ab79fc12ed64700667a894d"
},
{
"name": "USN-3005-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "85425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85425"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=162f98dea487206d9ab79fc12ed64700667a894d",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=162f98dea487206d9ab79fc12ed64700667a894d"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name": "USN-3007-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "USN-3003-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "USN-2998-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317017",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317017"
}
]
}
}

34
2016/2xxx/CVE-2016-2588.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2588",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2588",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

120
2016/2xxx/CVE-2016-2872.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2872",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21985775",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21985775"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21985775",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985775"
}
]
}
}

130
2016/2xxx/CVE-2016-2889.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983147",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983147"
},
{
"name" : "91766",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91766"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91766"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983147",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983147"
}
]
}
}

150
2016/2xxx/CVE-2016-2953.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2953",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990888",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990888"
},
{
"name" : "LO90268",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LO90268"
},
{
"name" : "LO90295",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LO90295"
},
{
"name" : "94415",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94415"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "LO90295",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LO90295"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990888",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990888"
},
{
"name": "94415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94415"
},
{
"name": "LO90268",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LO90268"
}
]
}
}

140
2016/6xxx/CVE-2016-6152.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6152",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160721-01-security-notice-for-ca-ehealth.aspx",
"refsource" : "CONFIRM",
"url" : "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160721-01-security-notice-for-ca-ehealth.aspx"
},
{
"name" : "92107",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92107"
},
{
"name" : "1036433",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036433"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160721-01-security-notice-for-ca-ehealth.aspx",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160721-01-security-notice-for-ca-ehealth.aspx"
},
{
"name": "1036433",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036433"
},
{
"name": "92107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92107"
}
]
}
}

170
2016/6xxx/CVE-2016-6233.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\\w]* in a regular expression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-6233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://framework.zend.com/security/advisory/ZF2016-02",
"refsource" : "CONFIRM",
"url" : "https://framework.zend.com/security/advisory/ZF2016-02"
},
{
"name" : "FEDORA-2016-666d95d1d5",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/"
},
{
"name" : "FEDORA-2016-77e5105570",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/"
},
{
"name" : "FEDORA-2016-7f193a0c59",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/"
},
{
"name" : "GLSA-201804-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201804-10"
},
{
"name" : "91802",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91802"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\\w]* in a regular expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-666d95d1d5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/"
},
{
"name": "GLSA-201804-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201804-10"
},
{
"name": "FEDORA-2016-7f193a0c59",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/"
},
{
"name": "FEDORA-2016-77e5105570",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/"
},
{
"name": "https://framework.zend.com/security/advisory/ZF2016-02",
"refsource": "CONFIRM",
"url": "https://framework.zend.com/security/advisory/ZF2016-02"
},
{
"name": "91802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91802"
}
]
}
}

160
2016/6xxx/CVE-2016-6254.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6254",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://collectd.org/news.shtml",
"refsource" : "CONFIRM",
"url" : "http://collectd.org/news.shtml"
},
{
"name" : "https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18",
"refsource" : "CONFIRM",
"url" : "https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18"
},
{
"name" : "DSA-3636",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3636"
},
{
"name" : "FEDORA-2016-23f0d552e8",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CM4W5SJ4OTBGINGIN4NJLXCUZAZANO6J/"
},
{
"name" : "FEDORA-2016-e16a14ffc5",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIZ5UXDOB7BA5NGE2F2I2BL4K6763DHW/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18",
"refsource": "CONFIRM",
"url": "https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18"
},
{
"name": "FEDORA-2016-e16a14ffc5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIZ5UXDOB7BA5NGE2F2I2BL4K6763DHW/"
},
{
"name": "DSA-3636",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3636"
},
{
"name": "http://collectd.org/news.shtml",
"refsource": "CONFIRM",
"url": "http://collectd.org/news.shtml"
},
{
"name": "FEDORA-2016-23f0d552e8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CM4W5SJ4OTBGINGIN4NJLXCUZAZANO6J/"
}
]
}
}

140
2016/6xxx/CVE-2016-6371.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160831 Cisco Hosted Collaboration Mediation Fulfillment Directory Traversal File System Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcmf"
},
{
"name" : "92705",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92705"
},
{
"name" : "1036719",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036719"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92705"
},
{
"name": "20160831 Cisco Hosted Collaboration Mediation Fulfillment Directory Traversal File System Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcmf"
},
{
"name": "1036719",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036719"
}
]
}
}

130
2016/6xxx/CVE-2016-6470.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-6470",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Hybrid Media Service",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Hybrid Media Service"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb81344. Known Affected Releases: 1.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Hybrid Media Service",
"version": {
"version_data": [
{
"version_value": "Cisco Hybrid Media Service"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms"
},
{
"name" : "94818",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94818"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb81344. Known Affected Releases: 1.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms"
},
{
"name": "94818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94818"
}
]
}
}

130
2016/6xxx/CVE-2016-6838.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6838",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en"
},
{
"name" : "92503",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92503"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92503"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en"
}
]
}
}

34
2016/7xxx/CVE-2016-7025.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7025",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7025",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/7xxx/CVE-2016-7608.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7608",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"IOFireWireFamily\" component, which allows local users to obtain sensitive information from kernel memory via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207423",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207423"
},
{
"name" : "94903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94903"
},
{
"name" : "1037469",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"IOFireWireFamily\" component, which allows local users to obtain sensitive information from kernel memory via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}
}

130
2017/5xxx/CVE-2017-5051.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5051",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "integer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/679641",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/679641"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/679641",
"refsource": "CONFIRM",
"url": "https://crbug.com/679641"
}
]
}
}

150
2017/5xxx/CVE-2017-5226.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1411811",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1411811"
},
{
"name" : "https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117",
"refsource" : "CONFIRM",
"url" : "https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117"
},
{
"name" : "https://github.com/projectatomic/bubblewrap/issues/142",
"refsource" : "CONFIRM",
"url" : "https://github.com/projectatomic/bubblewrap/issues/142"
},
{
"name" : "97260",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97260"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/projectatomic/bubblewrap/issues/142",
"refsource": "CONFIRM",
"url": "https://github.com/projectatomic/bubblewrap/issues/142"
},
{
"name": "97260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97260"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1411811",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411811"
},
{
"name": "https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117",
"refsource": "CONFIRM",
"url": "https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117"
}
]
}
}

140
2017/5xxx/CVE-2017-5368.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5368",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seclists.org/bugtraq/2017/Feb/6",
"refsource" : "MISC",
"url" : "http://seclists.org/bugtraq/2017/Feb/6"
},
{
"name" : "http://seclists.org/fulldisclosure/2017/Feb/11",
"refsource" : "MISC",
"url" : "http://seclists.org/fulldisclosure/2017/Feb/11"
},
{
"name" : "96126",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96126"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Feb/11",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Feb/11"
},
{
"name": "96126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96126"
},
{
"name": "http://seclists.org/bugtraq/2017/Feb/6",
"refsource": "MISC",
"url": "http://seclists.org/bugtraq/2017/Feb/6"
}
]
}
}