admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:30:44 +00:00
parent bc70974a75
commit 2c245ee107
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
49 changed files with 3924 additions and 3924 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2006/0xxx/CVE-2006-0389.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0389",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=303382",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=303382"
},
{
"name" : "APPLE-SA-2006-03-01",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"
},
{
"name" : "TA06-062A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"
},
{
"name" : "16907",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16907"
},
{
"name" : "ADV-2006-0791",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0791"
},
{
"name" : "23649",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23649"
},
{
"name" : "19064",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19064"
},
{
"name" : "macosx-syndication-xss(25040)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25040"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "macosx-syndication-xss(25040)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25040"
},
{
"name": "23649",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23649"
},
{
"name": "19064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19064"
},
{
"name": "16907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16907"
},
{
"name": "ADV-2006-0791",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0791"
},
{
"name": "APPLE-SA-2006-03-01",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"
},
{
"name": "TA06-062A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=303382",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=303382"
}
]
}
}

170
2006/0xxx/CVE-2006-0783.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0783",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in page.php in in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the comment_text parameter to the user comment page (/edit/Comment)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060216 Siteframe Beaumont 5.0.2 <== User Comment Cross-Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425180/100/0/threaded"
},
{
"name" : "16695",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16695"
},
{
"name" : "23267",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23267"
},
{
"name" : "18892",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18892"
},
{
"name" : "443",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/443"
},
{
"name" : "siteframe-comment-xss(24836)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24836"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in page.php in in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the comment_text parameter to the user comment page (/edit/Comment)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060216 Siteframe Beaumont 5.0.2 <== User Comment Cross-Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425180/100/0/threaded"
},
{
"name": "siteframe-comment-xss(24836)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24836"
},
{
"name": "443",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/443"
},
{
"name": "18892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18892"
},
{
"name": "23267",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23267"
},
{
"name": "16695",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16695"
}
]
}
}

160
2006/0xxx/CVE-2006-0822.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0822",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 allows remote attackers to cause a denial of service (probably resource consumption) via a crafted packet that causes a \"ghost game\" to be left on the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=394690&group_id=127754",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=394690&group_id=127754"
},
{
"name" : "16733",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16733"
},
{
"name" : "ADV-2006-0665",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0665"
},
{
"name" : "18938",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18938"
},
{
"name" : "emulinker-packet-handling-dos(24784)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24784"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 allows remote attackers to cause a denial of service (probably resource consumption) via a crafted packet that causes a \"ghost game\" to be left on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18938"
},
{
"name": "16733",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16733"
},
{
"name": "emulinker-packet-handling-dos(24784)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24784"
},
{
"name": "ADV-2006-0665",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0665"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=394690&group_id=127754",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=394690&group_id=127754"
}
]
}
}

250
2006/0xxx/CVE-2006-0898.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0898",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060223 Vulnerability in Crypt::CBC Perl module, versions <= 2.16",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425966/100/0/threaded"
},
{
"name" : "DSA-996",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-996"
},
{
"name" : "GLSA-200603-15",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml"
},
{
"name" : "RHSA-2008:0261",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name" : "RHSA-2008:0630",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
},
{
"name" : "SUSE-SR:2006:015",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_38_security.html"
},
{
"name" : "16802",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16802"
},
{
"name" : "18755",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18755"
},
{
"name" : "19187",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19187"
},
{
"name" : "19303",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19303"
},
{
"name" : "20899",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20899"
},
{
"name" : "31493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31493"
},
{
"name" : "488",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/488"
},
{
"name" : "crypt-cbc-header-weak-encryption(24954)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24954"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20899"
},
{
"name": "RHSA-2008:0630",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
},
{
"name": "31493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31493"
},
{
"name": "GLSA-200603-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml"
},
{
"name": "19187",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19187"
},
{
"name": "488",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/488"
},
{
"name": "DSA-996",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-996"
},
{
"name": "20060223 Vulnerability in Crypt::CBC Perl module, versions <= 2.16",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425966/100/0/threaded"
},
{
"name": "SUSE-SR:2006:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"
},
{
"name": "19303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19303"
},
{
"name": "18755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18755"
},
{
"name": "16802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16802"
},
{
"name": "RHSA-2008:0261",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name": "crypt-cbc-header-weak-encryption(24954)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24954"
}
]
}
}

230
2006/1xxx/CVE-2006-1017.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1017",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060228 (PHP) imap functions bypass safemode and open_basedir restrictions",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426339/100/0/threaded"
},
{
"name" : "http://bugs.php.net/bug.php?id=37265",
"refsource" : "CONFIRM",
"url" : "http://bugs.php.net/bug.php?id=37265"
},
{
"name" : "http://www.php.net/ChangeLog-5.php#5.1.5",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php#5.1.5"
},
{
"name" : "http://www.php.net/release_5_1_5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/release_5_1_5.php"
},
{
"name" : "MDKSA-2006:122",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
},
{
"name" : "ADV-2006-0772",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0772"
},
{
"name" : "23535",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23535"
},
{
"name" : "18694",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18694"
},
{
"name" : "21050",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21050"
},
{
"name" : "21546",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21546"
},
{
"name" : "516",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/516"
},
{
"name" : "php-imap-restriction-bypass(24964)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24964"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0772",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0772"
},
{
"name": "http://www.php.net/release_5_1_5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/release_5_1_5.php"
},
{
"name": "23535",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23535"
},
{
"name": "21050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21050"
},
{
"name": "516",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/516"
},
{
"name": "21546",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21546"
},
{
"name": "MDKSA-2006:122",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
},
{
"name": "http://bugs.php.net/bug.php?id=37265",
"refsource": "CONFIRM",
"url": "http://bugs.php.net/bug.php?id=37265"
},
{
"name": "php-imap-restriction-bypass(24964)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24964"
},
{
"name": "http://www.php.net/ChangeLog-5.php#5.1.5",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php#5.1.5"
},
{
"name": "20060228 (PHP) imap functions bypass safemode and open_basedir restrictions",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426339/100/0/threaded"
},
{
"name": "18694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18694"
}
]
}
}

180
2006/1xxx/CVE-2006-1271.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1271",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in OxyNews allows remote attackers to execute arbitrary SQL commands via the oxynews_comment_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060316 Oxynews Sql &#304;njection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/428057/100/0/threaded"
},
{
"name" : "http://biyosecurity.be/bugs/oxynews.txt",
"refsource" : "MISC",
"url" : "http://biyosecurity.be/bugs/oxynews.txt"
},
{
"name" : "17132",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17132"
},
{
"name" : "ADV-2006-0976",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0976"
},
{
"name" : "23940",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23940"
},
{
"name" : "19255",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19255"
},
{
"name" : "oxynews-index-sql-injection(25301)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25301"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in OxyNews allows remote attackers to execute arbitrary SQL commands via the oxynews_comment_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23940",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23940"
},
{
"name": "17132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17132"
},
{
"name": "19255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19255"
},
{
"name": "20060316 Oxynews Sql &#304;njection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428057/100/0/threaded"
},
{
"name": "oxynews-index-sql-injection(25301)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25301"
},
{
"name": "http://biyosecurity.be/bugs/oxynews.txt",
"refsource": "MISC",
"url": "http://biyosecurity.be/bugs/oxynews.txt"
},
{
"name": "ADV-2006-0976",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0976"
}
]
}
}

190
2006/1xxx/CVE-2006-1523.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1523",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-1523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20060411 [PATCH] __group_complete_signal: remove bogus BUG_ON",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-kernel&m=114476543426600&w=2"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188604",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188604"
},
{
"name" : "DSA-1103",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1103"
},
{
"name" : "SUSE-SA:2006:028",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name" : "17640",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17640"
},
{
"name" : "ADV-2006-2554",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name" : "20914",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20914"
},
{
"name" : "20398",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20398"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2554",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name": "[linux-kernel] 20060411 [PATCH] __group_complete_signal: remove bogus BUG_ON",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-kernel&m=114476543426600&w=2"
},
{
"name": "SUSE-SA:2006:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name": "DSA-1103",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1103"
},
{
"name": "20398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20398"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188604",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188604"
},
{
"name": "17640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17640"
},
{
"name": "20914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20914"
}
]
}
}

160
2006/1xxx/CVE-2006-1907.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1907",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the event_id parameter to (1) addevent.php or (2) del.php or (3) event_desc parameter to addevent.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-1384",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1384"
},
{
"name" : "24720",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24720"
},
{
"name" : "24721",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24721"
},
{
"name" : "19680",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19680"
},
{
"name" : "myevent-addevent-del-sql-injection(25886)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25886"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the event_id parameter to (1) addevent.php or (2) del.php or (3) event_desc parameter to addevent.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24721",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24721"
},
{
"name": "19680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19680"
},
{
"name": "myevent-addevent-del-sql-injection(25886)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25886"
},
{
"name": "24720",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24720"
},
{
"name": "ADV-2006-1384",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1384"
}
]
}
}

160
2006/5xxx/CVE-2006-5226.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in moteur/moteur.php in Prologin.fr Freenews 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061008 Freenews v1.1 <= (chemin) Remote File Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448019/100/0/threaded"
},
{
"name" : "2490",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2490"
},
{
"name" : "20405",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20405"
},
{
"name" : "1704",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1704"
},
{
"name" : "freenews-moteur-file-include(29395)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29395"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in moteur/moteur.php in Prologin.fr Freenews 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2490",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2490"
},
{
"name": "1704",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1704"
},
{
"name": "20405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20405"
},
{
"name": "freenews-moteur-file-include(29395)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29395"
},
{
"name": "20061008 Freenews v1.1 <= (chemin) Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448019/100/0/threaded"
}
]
}
}

160
2006/5xxx/CVE-2006-5652.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5652",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061031 Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by \"Sun\"",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450184/100/0/threaded"
},
{
"name" : "20061031 Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by \"Sun\"",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050460.html"
},
{
"name" : "20838",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20838"
},
{
"name" : "1806",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1806"
},
{
"name" : "sun-messaging-expression-xss(29929)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29929"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sun-messaging-expression-xss(29929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29929"
},
{
"name": "20838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20838"
},
{
"name": "20061031 Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by \"Sun\"",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050460.html"
},
{
"name": "20061031 Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by \"Sun\"",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450184/100/0/threaded"
},
{
"name": "1806",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1806"
}
]
}
}

140
2006/5xxx/CVE-2006-5923.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in Chris Mac gtcatalog (aka GimeScripts Shopping Catalog) 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the custom parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061120 Shopping_Catalog Remote File Include exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452114/100/200/threaded"
},
{
"name" : "2745",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2745"
},
{
"name" : "20979",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20979"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in Chris Mac gtcatalog (aka GimeScripts Shopping Catalog) 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the custom parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20979"
},
{
"name": "20061120 Shopping_Catalog Remote File Include exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452114/100/200/threaded"
},
{
"name": "2745",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2745"
}
]
}
}

140
2006/5xxx/CVE-2006-5979.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5979",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure permissions for Global.asa, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; details are obtained from third party sources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-4559",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4559"
},
{
"name" : "22859",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22859"
},
{
"name" : "netjetserver-permissions-info-disclosure(30338)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30338"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure permissions for Global.asa, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; details are obtained from third party sources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "netjetserver-permissions-info-disclosure(30338)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30338"
},
{
"name": "22859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22859"
},
{
"name": "ADV-2006-4559",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4559"
}
]
}
}

300
2010/0xxx/CVE-2010-0053.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0053",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4070",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4070"
},
{
"name" : "http://support.apple.com/kb/HT4225",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4225"
},
{
"name" : "APPLE-SA-2010-03-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2010-06-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name" : "FEDORA-2010-8360",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html"
},
{
"name" : "FEDORA-2010-8379",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html"
},
{
"name" : "FEDORA-2010-8423",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html"
},
{
"name" : "MDVSA-2011:039",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "USN-1006-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name" : "38671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38671"
},
{
"name" : "62948",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62948"
},
{
"name" : "oval:org.mitre.oval:def:7323",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7323"
},
{
"name" : "1023708",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023708"
},
{
"name" : "41856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41856"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2010-2722",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "ADV-2011-0552",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "APPLE-SA-2010-03-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "1023708",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023708"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "FEDORA-2010-8360",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html"
},
{
"name": "oval:org.mitre.oval:def:7323",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7323"
},
{
"name": "http://support.apple.com/kb/HT4070",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4070"
},
{
"name": "62948",
"refsource": "OSVDB",
"url": "http://osvdb.org/62948"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "FEDORA-2010-8379",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "38671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38671"
},
{
"name": "FEDORA-2010-8423",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html"
}
]
}
}

150
2010/0xxx/CVE-2010-0135.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0135",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the WordPerfect 5.x reader (wosr.dll), as used in Autonomy KeyView 10.4 and 10.9 and possibly other products, allows remote attackers to execute arbitrary code via unspecified vectors related to \"data blocks.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-0135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2010-31/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-31/"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21440812",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"
},
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"
},
{
"name" : "41928",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41928"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the WordPerfect 5.x reader (wosr.dll), as used in Autonomy KeyView 10.4 and 10.9 and possibly other products, allows remote attackers to execute arbitrary code via unspecified vectors related to \"data blocks.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"
},
{
"name": "41928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41928"
},
{
"name": "http://secunia.com/secunia_research/2010-31/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-31/"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"
}
]
}
}

270
2010/0xxx/CVE-2010-0544.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0544",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4196",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4196"
},
{
"name" : "http://support.apple.com/kb/HT4220",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4220"
},
{
"name" : "http://support.apple.com/kb/HT4225",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4225"
},
{
"name" : "http://support.apple.com/kb/HT4456",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4456"
},
{
"name" : "APPLE-SA-2010-06-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"
},
{
"name" : "APPLE-SA-2010-06-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html"
},
{
"name" : "APPLE-SA-2010-06-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name" : "APPLE-SA-2010-11-22-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"name" : "40620",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40620"
},
{
"name" : "oval:org.mitre.oval:def:6656",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6656"
},
{
"name" : "1024067",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024067"
},
{
"name" : "40105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40105"
},
{
"name" : "40196",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40196"
},
{
"name" : "42314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42314"
},
{
"name" : "ADV-2010-1373",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1373"
},
{
"name" : "ADV-2010-1512",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1512"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4220",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4220"
},
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "APPLE-SA-2010-06-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"
},
{
"name": "40196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40196"
},
{
"name": "40105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40105"
},
{
"name": "ADV-2010-1373",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1373"
},
{
"name": "oval:org.mitre.oval:def:6656",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6656"
},
{
"name": "APPLE-SA-2010-06-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "ADV-2010-1512",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1512"
},
{
"name": "40620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40620"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "1024067",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024067"
},
{
"name": "http://support.apple.com/kb/HT4196",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4196"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}

180
2010/0xxx/CVE-2010-0825.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0825",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2010-0825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.launchpad.net/ubuntu/+bug/531569",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+bug/531569"
},
{
"name" : "MDVSA-2010:083",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:083"
},
{
"name" : "USN-919-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-919-1"
},
{
"name" : "39155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39155"
},
{
"name" : "ADV-2010-0734",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0734"
},
{
"name" : "ADV-2010-0952",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0952"
},
{
"name" : "emacs-emailhelper-symlink(57457)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57457"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2010:083",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:083"
},
{
"name": "emacs-emailhelper-symlink(57457)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57457"
},
{
"name": "USN-919-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-919-1"
},
{
"name": "39155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39155"
},
{
"name": "ADV-2010-0734",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0734"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+bug/531569",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+bug/531569"
},
{
"name": "ADV-2010-0952",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0952"
}
]
}
}

120
2010/2xxx/CVE-2010-2218.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2218",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service via unspecified vectors, related to a \"JS method issue.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-19.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-19.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service via unspecified vectors, related to a \"JS method issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-19.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-19.html"
}
]
}
}

140
2010/3xxx/CVE-2010-3210.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3210",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7) checkout1-CYM.php, (8) checkout1-EN.php, (9) checkout1-FR.php, (10) prod-CYM.php, (11) prod-EN.php, and (12) prod-FR.php in inc/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14835",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14835"
},
{
"name" : "http://packetstormsecurity.org/1008-exploits/mlecomsys-rfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1008-exploits/mlecomsys-rfi.txt"
},
{
"name" : "mlecs-multiple-file-include(61464)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61464"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7) checkout1-CYM.php, (8) checkout1-EN.php, (9) checkout1-FR.php, (10) prod-CYM.php, (11) prod-EN.php, and (12) prod-FR.php in inc/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1008-exploits/mlecomsys-rfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1008-exploits/mlecomsys-rfi.txt"
},
{
"name": "mlecs-multiple-file-include(61464)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61464"
},
{
"name": "14835",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14835"
}
]
}
}

170
2010/3xxx/CVE-2010-3294.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3294",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100914 CVE request: xss in pecl-apc before 3.1.4",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/14/1"
},
{
"name" : "[oss-security] 20100914 Re: CVE request: xss in pecl-apc before 3.1.4",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/14/6"
},
{
"name" : "[oss-security] 20100914 Re: CVE request: xss in pecl-apc before 3.1.4",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/14/8"
},
{
"name" : "http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4",
"refsource" : "CONFIRM",
"url" : "http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4"
},
{
"name" : "RHSA-2012:0811",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0811.html"
},
{
"name" : "ADV-2010-2406",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2406"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4",
"refsource": "CONFIRM",
"url": "http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4"
},
{
"name": "ADV-2010-2406",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2406"
},
{
"name": "[oss-security] 20100914 Re: CVE request: xss in pecl-apc before 3.1.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/14/6"
},
{
"name": "RHSA-2012:0811",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0811.html"
},
{
"name": "[oss-security] 20100914 CVE request: xss in pecl-apc before 3.1.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/14/1"
},
{
"name": "[oss-security] 20100914 Re: CVE request: xss in pecl-apc before 3.1.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/14/8"
}
]
}
}

200
2010/3xxx/CVE-2010-3474.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3474",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21446455",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21446455"
},
{
"name" : "IC68015",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68015"
},
{
"name" : "43291",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43291"
},
{
"name" : "68121",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/68121"
},
{
"name" : "oval:org.mitre.oval:def:14669",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14669"
},
{
"name" : "1024457",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024457"
},
{
"name" : "41444",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41444"
},
{
"name" : "ADV-2010-2425",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2425"
},
{
"name" : "ibm-db2-public-security-bypass(61872)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61872"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43291",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43291"
},
{
"name": "oval:org.mitre.oval:def:14669",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14669"
},
{
"name": "ibm-db2-public-security-bypass(61872)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61872"
},
{
"name": "IC68015",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68015"
},
{
"name": "ADV-2010-2425",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2425"
},
{
"name": "1024457",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024457"
},
{
"name": "41444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41444"
},
{
"name": "68121",
"refsource": "OSVDB",
"url": "http://osvdb.org/68121"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21446455",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21446455"
}
]
}
}

140
2010/4xxx/CVE-2010-4362.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15629",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15629"
},
{
"name" : "45089",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45089"
},
{
"name" : "41319",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41319"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15629",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15629"
},
{
"name": "45089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45089"
},
{
"name": "41319",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41319"
}
]
}
}

270
2010/4xxx/CVE-2010-4473.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4473",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4462."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-4473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"
},
{
"name" : "HPSBMU02797",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "HPSBUX02777",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2"
},
{
"name" : "SSRT100854",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2"
},
{
"name" : "SSRT100867",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "RHSA-2011:0282",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0282.html"
},
{
"name" : "RHSA-2011:0880",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
},
{
"name" : "SUSE-SA:2011:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html"
},
{
"name" : "SUSE-SU-2011:0823",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html"
},
{
"name" : "oval:org.mitre.oval:def:12952",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12952"
},
{
"name" : "oval:org.mitre.oval:def:14119",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14119"
},
{
"name" : "44954",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44954"
},
{
"name" : "49198",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49198"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4462."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "SUSE-SU-2011:0823",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"
},
{
"name": "oval:org.mitre.oval:def:12952",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12952"
},
{
"name": "44954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44954"
},
{
"name": "RHSA-2011:0880",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
},
{
"name": "RHSA-2011:0282",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html"
},
{
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "49198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49198"
},
{
"name": "oval:org.mitre.oval:def:14119",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14119"
},
{
"name": "SUSE-SA:2011:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html"
},
{
"name": "HPSBUX02777",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2"
},
{
"name": "SSRT100854",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
}
]
}
}

140
2010/4xxx/CVE-2010-4610.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4610",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15800",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15800"
},
{
"name" : "http://www.htbridge.ch/advisory/xss_in_html_edit_cms.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/xss_in_html_edit_cms.html"
},
{
"name" : "42664",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42664"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15800",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15800"
},
{
"name": "http://www.htbridge.ch/advisory/xss_in_html_edit_cms.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_in_html_edit_cms.html"
},
{
"name": "42664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42664"
}
]
}
}

170
2014/10xxx/CVE-2014-10029.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-10029",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141121 FluxBB <= 1.5.6 SQL Injection",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Nov/73"
},
{
"name" : "http://packetstormsecurity.com/files/129225/FluxBB-1.5.6-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129225/FluxBB-1.5.6-SQL-Injection.html"
},
{
"name" : "http://fluxbb.org/forums/viewtopic.php?id=8001",
"refsource" : "CONFIRM",
"url" : "http://fluxbb.org/forums/viewtopic.php?id=8001"
},
{
"name" : "https://fluxbb.org/development/core/tickets/990/",
"refsource" : "CONFIRM",
"url" : "https://fluxbb.org/development/core/tickets/990/"
},
{
"name" : "59038",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59038"
},
{
"name" : "fluxbb-profile-sql-injection(98890)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98890"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://fluxbb.org/forums/viewtopic.php?id=8001",
"refsource": "CONFIRM",
"url": "http://fluxbb.org/forums/viewtopic.php?id=8001"
},
{
"name": "http://packetstormsecurity.com/files/129225/FluxBB-1.5.6-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129225/FluxBB-1.5.6-SQL-Injection.html"
},
{
"name": "59038",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59038"
},
{
"name": "20141121 FluxBB <= 1.5.6 SQL Injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/73"
},
{
"name": "fluxbb-profile-sql-injection(98890)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98890"
},
{
"name": "https://fluxbb.org/development/core/tickets/990/",
"refsource": "CONFIRM",
"url": "https://fluxbb.org/development/core/tickets/990/"
}
]
}
}

160
2014/3xxx/CVE-2014-3322.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3322",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009"
},
{
"name" : "20140722 Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322"
},
{
"name" : "68833",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68833"
},
{
"name" : "1030623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030623"
},
{
"name" : "60311",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60311"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60311"
},
{
"name": "1030623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030623"
},
{
"name": "20140722 Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322"
},
{
"name": "68833",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68833"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009"
}
]
}
}

150
2014/3xxx/CVE-2014-3712.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3712",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141022 CVE-2014-3712 Katello: user parameters passed to to_sym",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q4/419"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1155708",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1155708"
},
{
"name" : "70707",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70707"
},
{
"name" : "katello-cve20143712-dos(97724)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97724"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70707",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70707"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1155708",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155708"
},
{
"name": "katello-cve20143712-dos(97724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97724"
},
{
"name": "[oss-security] 20141022 CVE-2014-3712 Katello: user parameters passed to to_sym",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/419"
}
]
}
}

130
2014/4xxx/CVE-2014-4040.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4040",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140617 Re: CVE request: multiple /tmp races in ppc64-diag",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/06/17/1"
},
{
"name" : "RHSA-2015:0384",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0384.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140617 Re: CVE request: multiple /tmp races in ppc64-diag",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/06/17/1"
},
{
"name": "RHSA-2015:0384",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0384.html"
}
]
}
}

150
2014/4xxx/CVE-2014-4505.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4505",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/node/2288353",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2288353"
},
{
"name" : "https://www.drupal.org/node/2286121",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2286121"
},
{
"name" : "68106",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68106"
},
{
"name" : "59379",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59379"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2286121",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2286121"
},
{
"name": "59379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59379"
},
{
"name": "https://www.drupal.org/node/2288353",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2288353"
},
{
"name": "68106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68106"
}
]
}
}

130
2014/4xxx/CVE-2014-4726.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4726",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140708 Re: CVE request: WordPress plugin wysija-newsletters remote file upload",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/07/08/7"
},
{
"name" : "https://wordpress.org/plugins/wysija-newsletters/changelog/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/wysija-newsletters/changelog/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/wysija-newsletters/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/wysija-newsletters/changelog/"
},
{
"name": "[oss-security] 20140708 Re: CVE request: WordPress plugin wysija-newsletters remote file upload",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/08/7"
}
]
}
}

160
2014/8xxx/CVE-2014-8030.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8030",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-8030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150108 Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8030"
},
{
"name" : "71945",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71945"
},
{
"name" : "1031517",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031517"
},
{
"name" : "62163",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62163"
},
{
"name" : "cisco-webex-cve20148030-xss(100574)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100574"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-webex-cve20148030-xss(100574)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100574"
},
{
"name": "1031517",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031517"
},
{
"name": "62163",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62163"
},
{
"name": "20150108 Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8030"
},
{
"name": "71945",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71945"
}
]
}
}

130
2014/8xxx/CVE-2014-8174.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8174",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/redhat-cip/edeploy/issues/230",
"refsource" : "MISC",
"url" : "https://github.com/redhat-cip/edeploy/issues/230"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202972",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202972"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redhat-cip/edeploy/issues/230",
"refsource": "MISC",
"url": "https://github.com/redhat-cip/edeploy/issues/230"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1202972",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202972"
}
]
}
}

150
2014/8xxx/CVE-2014-8562.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8562",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://int21.de/cve/CVE-2014-8562-ImageMagick-dcm-oob-heap-overflow.html",
"refsource" : "MISC",
"url" : "https://int21.de/cve/CVE-2014-8562-ImageMagick-dcm-oob-heap-overflow.html"
},
{
"name" : "https://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1159362",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1159362"
},
{
"name" : "70837",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70837"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70837"
},
{
"name": "https://int21.de/cve/CVE-2014-8562-ImageMagick-dcm-oob-heap-overflow.html",
"refsource": "MISC",
"url": "https://int21.de/cve/CVE-2014-8562-ImageMagick-dcm-oob-heap-overflow.html"
},
{
"name": "https://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1159362",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1159362"
}
]
}
}

34
2014/8xxx/CVE-2014-8576.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8576",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8576",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

170
2014/8xxx/CVE-2014-8890.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8890",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-8890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21690185",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21690185"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21963275",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"
},
{
"name" : "PI29911",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29911"
},
{
"name" : "71834",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71834"
},
{
"name" : "1033384",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033384"
},
{
"name" : "ibm-websphere-cve20148890-priv-escalation(99009)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99009"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"
},
{
"name": "1033384",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033384"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21690185",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690185"
},
{
"name": "PI29911",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29911"
},
{
"name": "71834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71834"
},
{
"name": "ibm-websphere-cve20148890-priv-escalation(99009)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99009"
}
]
}
}

140
2014/9xxx/CVE-2014-9967.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2014-9967",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted Pointer Dereference Vulnerability in TrustZone"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2014-9967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name" : "98874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98874"
},
{
"name" : "1038623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Pointer Dereference Vulnerability in TrustZone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "98874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98874"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}

170
2016/2xxx/CVE-2016-2116.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2116",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160303 Security issues in JasPer (CVE-2016-1577 and CVE-2016-2116)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/03/03/12"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/jasper/+bug/1547865",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/jasper/+bug/1547865"
},
{
"name" : "DSA-3508",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3508"
},
{
"name" : "RHSA-2017:1208",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name" : "USN-2919-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2919-1"
},
{
"name" : "84133",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84133"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3508",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3508"
},
{
"name": "[oss-security] 20160303 Security issues in JasPer (CVE-2016-1577 and CVE-2016-2116)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/03/12"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/jasper/+bug/1547865",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/jasper/+bug/1547865"
},
{
"name": "USN-2919-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2919-1"
},
{
"name": "RHSA-2017:1208",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name": "84133",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84133"
}
]
}
}

176
2016/2xxx/CVE-2016-2977.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-23T00:00:00",
"ID" : "CVE-2016-2977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sametime",
"version" : {
"version_data" : [
{
"version_value" : "8.5.2"
},
{
"version_value" : "8.5.2.1"
},
{
"version_value" : "9.0"
},
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "9.0.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Other"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-23T00:00:00",
"ID": "CVE-2016-2977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sametime",
"version": {
"version_data": [
{
"version_value": "8.5.2"
},
{
"version_value": "8.5.2.1"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113937",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113937"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22006439",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22006439"
},
{
"name" : "100599",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100599"
},
{
"name" : "1039231",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039231"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100599"
},
{
"name": "1039231",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039231"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006439",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006439"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113937",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113937"
}
]
}
}

130
2016/2xxx/CVE-2016-2986.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2986",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle Manager 6.x before 6.0.1 iFix6, and Rational Rhapsody Design Manager 6.x before 6.0.1 iFix6 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989940",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989940"
},
{
"name" : "92869",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92869"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle Manager 6.x before 6.0.1 iFix6, and Rational Rhapsody Design Manager 6.x before 6.0.1 iFix6 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21989940",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989940"
},
{
"name": "92869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92869"
}
]
}
}

140
2016/3xxx/CVE-2016-3154.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3154",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr",
"refsource" : "CONFIRM",
"url" : "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr"
},
{
"name" : "https://core.spip.net/projects/spip/repository/revisions/22903",
"refsource" : "CONFIRM",
"url" : "https://core.spip.net/projects/spip/repository/revisions/22903"
},
{
"name" : "DSA-3518",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3518"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr",
"refsource": "CONFIRM",
"url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr"
},
{
"name": "DSA-3518",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3518"
},
{
"name": "https://core.spip.net/projects/spip/repository/revisions/22903",
"refsource": "CONFIRM",
"url": "https://core.spip.net/projects/spip/repository/revisions/22903"
}
]
}
}

34
2016/3xxx/CVE-2016-3217.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3217",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-3217",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/3xxx/CVE-2016-3290.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3290",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3288."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-095",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095"
},
{
"name" : "92322",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92322"
},
{
"name" : "1036562",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036562"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3288."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92322",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92322"
},
{
"name": "MS16-095",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095"
},
{
"name": "1036562",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036562"
}
]
}
}

140
2016/3xxx/CVE-2016-3754.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3754",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28615448."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28615448."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e"
}
]
}
}

150
2016/3xxx/CVE-2016-3876.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3876",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug 29900345."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/base/+/91fc934bb2e5ea59929bb2f574de6db9b5100745",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/base/+/91fc934bb2e5ea59929bb2f574de6db9b5100745"
},
{
"name" : "92819",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92819"
},
{
"name" : "1036763",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug 29900345."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/base/+/91fc934bb2e5ea59929bb2f574de6db9b5100745",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/base/+/91fc934bb2e5ea59929bb2f574de6db9b5100745"
},
{
"name": "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "92819",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92819"
}
]
}
}

160
2016/6xxx/CVE-2016-6242.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160714 Multiple Bugs in OpenBSD Kernel",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/14/5"
},
{
"name" : "[oss-security] 20160717 ReL Multiple Bugs in OpenBSD Kernel",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/17/7"
},
{
"name" : "http://www.openbsd.org/errata58.html",
"refsource" : "CONFIRM",
"url" : "http://www.openbsd.org/errata58.html"
},
{
"name" : "http://www.openbsd.org/errata59.html",
"refsource" : "CONFIRM",
"url" : "http://www.openbsd.org/errata59.html"
},
{
"name" : "91805",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91805"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openbsd.org/errata59.html",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/errata59.html"
},
{
"name": "[oss-security] 20160714 Multiple Bugs in OpenBSD Kernel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/14/5"
},
{
"name": "[oss-security] 20160717 ReL Multiple Bugs in OpenBSD Kernel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/17/7"
},
{
"name": "http://www.openbsd.org/errata58.html",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/errata58.html"
},
{
"name": "91805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91805"
}
]
}
}

160
2016/6xxx/CVE-2016-6246.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6246",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160714 Multiple Bugs in OpenBSD Kernel",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/14/5"
},
{
"name" : "[oss-security] 20160717 ReL Multiple Bugs in OpenBSD Kernel",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/17/7"
},
{
"name" : "http://www.openbsd.org/errata58.html",
"refsource" : "CONFIRM",
"url" : "http://www.openbsd.org/errata58.html"
},
{
"name" : "http://www.openbsd.org/errata59.html",
"refsource" : "CONFIRM",
"url" : "http://www.openbsd.org/errata59.html"
},
{
"name" : "91805",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91805"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openbsd.org/errata59.html",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/errata59.html"
},
{
"name": "[oss-security] 20160714 Multiple Bugs in OpenBSD Kernel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/14/5"
},
{
"name": "[oss-security] 20160717 ReL Multiple Bugs in OpenBSD Kernel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/17/7"
},
{
"name": "http://www.openbsd.org/errata58.html",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/errata58.html"
},
{
"name": "91805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91805"
}
]
}
}

190
2016/7xxx/CVE-2016-7874.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2016-7874",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-7874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html"
},
{
"name" : "GLSA-201701-17",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-17"
},
{
"name" : "MS16-154",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154"
},
{
"name" : "RHSA-2016:2947",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2947.html"
},
{
"name" : "SUSE-SU-2016:3148",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html"
},
{
"name" : "openSUSE-SU-2016:3160",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html"
},
{
"name" : "94866",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94866"
},
{
"name" : "1037442",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037442"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:3148",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html"
},
{
"name": "MS16-154",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154"
},
{
"name": "GLSA-201701-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-17"
},
{
"name": "1037442",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037442"
},
{
"name": "94866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94866"
},
{
"name": "RHSA-2016:2947",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html"
},
{
"name": "openSUSE-SU-2016:3160",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html"
}
]
}
}

170
2016/7xxx/CVE-2016-7935.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7935",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource" : "CONFIRM",
"url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name" : "DSA-3775",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3775"
},
{
"name" : "GLSA-201702-30",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-30"
},
{
"name" : "RHSA-2017:1871",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name" : "95852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95852"
},
{
"name" : "1037755",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037755"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037755",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037755"
},
{
"name": "DSA-3775",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3775"
},
{
"name": "RHSA-2017:1871",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource": "CONFIRM",
"url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name": "95852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95852"
},
{
"name": "GLSA-201702-30",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-30"
}
]
}
}

170
2016/7xxx/CVE-2016-7938.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7938",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource" : "CONFIRM",
"url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name" : "DSA-3775",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3775"
},
{
"name" : "GLSA-201702-30",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-30"
},
{
"name" : "RHSA-2017:1871",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name" : "95852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95852"
},
{
"name" : "1037755",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037755"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037755",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037755"
},
{
"name": "DSA-3775",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3775"
},
{
"name": "RHSA-2017:1871",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource": "CONFIRM",
"url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name": "95852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95852"
},
{
"name": "GLSA-201702-30",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-30"
}
]
}
}

34
2016/7xxx/CVE-2016-7941.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7941",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7941",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}