admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:19:45 +00:00
parent 1e4a59b5dc
commit 2c58da4bc3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3762 additions and 3762 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

188
2006/0xxx/CVE-2006-0359.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0359",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote attackers to (1) cause a denial of service (device crash) via SIP INVITE commands with a long header field name sent during startup and (2) cause a denial of service (device hang or crash) via SIP INVITE commands with a long header field name sent during a call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060116 CounterPath eyeBeam Handing SIP header Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422009/100/0/threaded"
},
{
"name" : "20060921 Re: CounterPath eyeBeam Handing SIP header Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446573/100/0/threaded"
},
{
"name" : "http://blog.donews.com/zwell/archive/2006/01/17/698810.aspx",
"refsource" : "MISC",
"url" : "http://blog.donews.com/zwell/archive/2006/01/17/698810.aspx"
},
{
"name" : "16253",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16253"
},
{
"name" : "ADV-2006-0259",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0259"
},
{
"name" : "18516",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18516"
},
{
"name" : "354",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/354"
},
{
"name" : "eyebeam-sip-header-bo(24181)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24181"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote attackers to (1) cause a denial of service (device crash) via SIP INVITE commands with a long header field name sent during startup and (2) cause a denial of service (device hang or crash) via SIP INVITE commands with a long header field name sent during a call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0259",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0259"
},
{
"name": "http://blog.donews.com/zwell/archive/2006/01/17/698810.aspx",
"refsource": "MISC",
"url": "http://blog.donews.com/zwell/archive/2006/01/17/698810.aspx"
},
{
"name": "20060116 CounterPath eyeBeam Handing SIP header Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422009/100/0/threaded"
},
{
"name": "16253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16253"
},
{
"name": "eyebeam-sip-header-bo(24181)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24181"
},
{
"name": "18516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18516"
},
{
"name": "354",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/354"
},
{
"name": "20060921 Re: CounterPath eyeBeam Handing SIP header Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446573/100/0/threaded"
}
]
}
}

178
2006/0xxx/CVE-2006-0401.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0401",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=303567",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=303567"
},
{
"name" : "17364",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17364"
},
{
"name" : "ADV-2006-1215",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1215"
},
{
"name" : "24399",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24399"
},
{
"name" : "1015859",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015859"
},
{
"name" : "19462",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19462"
},
{
"name" : "macosx-firmware-password-bypass(25620)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25620"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1215",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1215"
},
{
"name": "macosx-firmware-password-bypass(25620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25620"
},
{
"name": "24399",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24399"
},
{
"name": "1015859",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015859"
},
{
"name": "17364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17364"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=303567",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=303567"
},
{
"name": "19462",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19462"
}
]
}
}

288
2006/0xxx/CVE-2006-0557.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0557",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not sanity check the maxnod variable before making certain computations for the get_nodes function, which has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security-info@sgi.com",
"ID": "CVE-2006-0557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=636f13c174dd7c84a437d3c3e8fa66f03f7fda63",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=636f13c174dd7c84a437d3c3e8fa66f03f7fda63"
},
{
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=636f13c174dd7c84a437d3c3e8fa66f03f7fda63",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=636f13c174dd7c84a437d3c3e8fa66f03f7fda63"
},
{
"name" : "http://lkml.org/lkml/2006/2/27/355",
"refsource" : "CONFIRM",
"url" : "http://lkml.org/lkml/2006/2/27/355"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=184510",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=184510"
},
{
"name" : "DSA-1103",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1103"
},
{
"name" : "MDKSA-2006:059",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:059"
},
{
"name" : "RHBA-2007-0304",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHBA-2007-0304.html"
},
{
"name" : "SUSE-SA:2006:028",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name" : "USN-281-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/281-1/"
},
{
"name" : "16924",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16924"
},
{
"name" : "oval:org.mitre.oval:def:9674",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9674"
},
{
"name" : "ADV-2006-2554",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name" : "23895",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23895"
},
{
"name" : "1015752",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015752"
},
{
"name" : "19955",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19955"
},
{
"name" : "20914",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20914"
},
{
"name" : "20398",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20398"
},
{
"name" : "linux-get-nodes-dos(25204)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25204"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not sanity check the maxnod variable before making certain computations for the get_nodes function, which has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015752",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015752"
},
{
"name": "ADV-2006-2554",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name": "USN-281-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/281-1/"
},
{
"name": "23895",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23895"
},
{
"name": "http://lkml.org/lkml/2006/2/27/355",
"refsource": "CONFIRM",
"url": "http://lkml.org/lkml/2006/2/27/355"
},
{
"name": "16924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16924"
},
{
"name": "linux-get-nodes-dos(25204)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25204"
},
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=636f13c174dd7c84a437d3c3e8fa66f03f7fda63",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=636f13c174dd7c84a437d3c3e8fa66f03f7fda63"
},
{
"name": "SUSE-SA:2006:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name": "19955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19955"
},
{
"name": "DSA-1103",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1103"
},
{
"name": "RHBA-2007-0304",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHBA-2007-0304.html"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=184510",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=184510"
},
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=636f13c174dd7c84a437d3c3e8fa66f03f7fda63",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=636f13c174dd7c84a437d3c3e8fa66f03f7fda63"
},
{
"name": "20398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20398"
},
{
"name": "MDKSA-2006:059",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:059"
},
{
"name": "oval:org.mitre.oval:def:9674",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9674"
},
{
"name": "20914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20914"
}
]
}
}

188
2006/0xxx/CVE-2006-0731.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0731",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060215 CYBSEC - Security Pre-Advisory: Phishing Vector in SAP BC",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425056/100/0/threaded"
},
{
"name" : "20060515 CYBSEC - Security Advisory: Phishing Vector in SAP BC (BusinessConnector)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/434012/30/4980/threaded"
},
{
"name" : "http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Phishing_Vector_in_SAP_BC.pdf",
"refsource" : "MISC",
"url" : "http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Phishing_Vector_in_SAP_BC.pdf"
},
{
"name" : "16671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16671"
},
{
"name" : "ADV-2006-0611",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0611"
},
{
"name" : "1015639",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015639"
},
{
"name" : "18880",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18880"
},
{
"name" : "sapbc-admin-spoofing(24751)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24751"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18880",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18880"
},
{
"name": "20060515 CYBSEC - Security Advisory: Phishing Vector in SAP BC (BusinessConnector)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434012/30/4980/threaded"
},
{
"name": "1015639",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015639"
},
{
"name": "16671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16671"
},
{
"name": "20060215 CYBSEC - Security Pre-Advisory: Phishing Vector in SAP BC",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425056/100/0/threaded"
},
{
"name": "http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Phishing_Vector_in_SAP_BC.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Phishing_Vector_in_SAP_BC.pdf"
},
{
"name": "ADV-2006-0611",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0611"
},
{
"name": "sapbc-admin-spoofing(24751)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24751"
}
]
}
}

188
2006/1xxx/CVE-2006-1274.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1274",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Classic Planer in AntiVir PersonalEdition Classic 7 does not drop privileges before executing external programs, which allows local users to gain privileges via notepad.exe, which is used to display scan reports."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060311 AntiVir PersonalEdition Classic: Local Privilige Escalation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427412/100/0/threaded"
},
{
"name" : "20060311 AntiVir PersonalEdition Classic: Local Privilige Escalation",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042868.html"
},
{
"name" : "17071",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17071"
},
{
"name" : "ADV-2006-0948",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0948"
},
{
"name" : "23843",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23843"
},
{
"name" : "19217",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19217"
},
{
"name" : "573",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/573"
},
{
"name" : "antivir-notepad-gain-privilege(25244)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25244"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Classic Planer in AntiVir PersonalEdition Classic 7 does not drop privileges before executing external programs, which allows local users to gain privileges via notepad.exe, which is used to display scan reports."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060311 AntiVir PersonalEdition Classic: Local Privilige Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427412/100/0/threaded"
},
{
"name": "ADV-2006-0948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0948"
},
{
"name": "20060311 AntiVir PersonalEdition Classic: Local Privilige Escalation",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042868.html"
},
{
"name": "23843",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23843"
},
{
"name": "573",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/573"
},
{
"name": "19217",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19217"
},
{
"name": "17071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17071"
},
{
"name": "antivir-notepad-gain-privilege(25244)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25244"
}
]
}
}

32
2006/1xxx/CVE-2006-1299.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1299",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-1299",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}

158
2006/1xxx/CVE-2006-1369.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1369",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://forums.invisionpower.com/index.php?showtopic=209178",
"refsource" : "CONFIRM",
"url" : "http://forums.invisionpower.com/index.php?showtopic=209178"
},
{
"name" : "17187",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17187"
},
{
"name" : "ADV-2006-1044",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1044"
},
{
"name" : "19299",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19299"
},
{
"name" : "invision-privatemessage-xss(25384)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25384"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19299"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=209178",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=209178"
},
{
"name": "ADV-2006-1044",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1044"
},
{
"name": "17187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17187"
},
{
"name": "invision-privatemessage-xss(25384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25384"
}
]
}
}

198
2006/1xxx/CVE-2006-1461.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1461",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime Flash (SWF) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/433831/100/0/threaded"
},
{
"name" : "APPLE-SA-2006-05-11",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html"
},
{
"name" : "TA06-132B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-132B.html"
},
{
"name" : "17953",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17953"
},
{
"name" : "ADV-2006-1778",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1778"
},
{
"name" : "1016067",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016067"
},
{
"name" : "20069",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20069"
},
{
"name" : "887",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/887"
},
{
"name" : "quicktime-flash-bo(26394)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26394"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime Flash (SWF) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20069"
},
{
"name": "APPLE-SA-2006-05-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html"
},
{
"name": "1016067",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016067"
},
{
"name": "quicktime-flash-bo(26394)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26394"
},
{
"name": "TA06-132B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132B.html"
},
{
"name": "887",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/887"
},
{
"name": "17953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17953"
},
{
"name": "ADV-2006-1778",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1778"
},
{
"name": "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433831/100/0/threaded"
}
]
}
}

138
2006/1xxx/CVE-2006-1507.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1507",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060328 XSS in PHPKIT Version 1.6.03",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429249/100/0/threaded"
},
{
"name" : "17291",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17291"
},
{
"name" : "phpkit-error-xss(25594)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25594"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpkit-error-xss(25594)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25594"
},
{
"name": "20060328 XSS in PHPKIT Version 1.6.03",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429249/100/0/threaded"
},
{
"name": "17291",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17291"
}
]
}
}

168
2006/5xxx/CVE-2006-5390.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5390",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2551",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2551"
},
{
"name" : "http://www.phpbb.com/phpBB/viewtopic.php?p=2504370#2504370",
"refsource" : "CONFIRM",
"url" : "http://www.phpbb.com/phpBB/viewtopic.php?p=2504370#2504370"
},
{
"name" : "20558",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20558"
},
{
"name" : "29734",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29734"
},
{
"name" : "22436",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22436"
},
{
"name" : "phpbb-acp-functions-file-include(29571)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29571"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phpbb.com/phpBB/viewtopic.php?p=2504370#2504370",
"refsource": "CONFIRM",
"url": "http://www.phpbb.com/phpBB/viewtopic.php?p=2504370#2504370"
},
{
"name": "2551",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2551"
},
{
"name": "22436",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22436"
},
{
"name": "29734",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29734"
},
{
"name": "20558",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20558"
},
{
"name": "phpbb-acp-functions-file-include(29571)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29571"
}
]
}
}

188
2006/5xxx/CVE-2006-5574.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5574",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-5574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBST02184",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name" : "SSRT071296",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name" : "MS07-001",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-001"
},
{
"name" : "21942",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21942"
},
{
"name" : "ADV-2007-0102",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0102"
},
{
"name" : "31251",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/31251"
},
{
"name" : "1017486",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017486"
},
{
"name" : "23671",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23671"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017486",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017486"
},
{
"name": "HPSBST02184",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "31251",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31251"
},
{
"name": "MS07-001",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-001"
},
{
"name": "SSRT071296",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "ADV-2007-0102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0102"
},
{
"name": "23671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23671"
},
{
"name": "21942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21942"
}
]
}
}

118
2010/0xxx/CVE-2010-0389.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0389",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html",
"refsource" : "MISC",
"url" : "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html",
"refsource": "MISC",
"url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html"
}
]
}
}

138
2010/0xxx/CVE-2010-0431.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0431",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=568809",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=568809"
},
{
"name" : "RHSA-2010:0622",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0622.html"
},
{
"name" : "RHSA-2010:0627",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0627.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0627",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0627.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=568809",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=568809"
},
{
"name": "RHSA-2010:0622",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0622.html"
}
]
}
}

128
2010/0xxx/CVE-2010-0511.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0511",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the access restrictions of a Podcast Composer workflow when this workflow is overwritten, which allows attackers to access a workflow via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the access restrictions of a Podcast Composer workflow when this workflow is overwritten, which allows attackers to access a workflow via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
}
]
}
}

338
2010/1xxx/CVE-2010-1401.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1401",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100608 ZDI-10-098: Apple Webkit First-Letter Pseudo-Element Style Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511717/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-098",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-098"
},
{
"name" : "http://support.apple.com/kb/HT4196",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4196"
},
{
"name" : "http://support.apple.com/kb/HT4220",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4220"
},
{
"name" : "http://support.apple.com/kb/HT4225",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4225"
},
{
"name" : "APPLE-SA-2010-06-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"
},
{
"name" : "APPLE-SA-2010-06-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html"
},
{
"name" : "APPLE-SA-2010-06-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name" : "MDVSA-2011:039",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "USN-1006-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name" : "40620",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40620"
},
{
"name" : "oval:org.mitre.oval:def:6981",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6981"
},
{
"name" : "1024067",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024067"
},
{
"name" : "40105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40105"
},
{
"name" : "40196",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40196"
},
{
"name" : "41856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41856"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2010-1373",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1373"
},
{
"name" : "ADV-2010-1512",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1512"
},
{
"name" : "ADV-2010-2722",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "ADV-2011-0552",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0552"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "http://support.apple.com/kb/HT4220",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4220"
},
{
"name": "20100608 ZDI-10-098: Apple Webkit First-Letter Pseudo-Element Style Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511717/100/0/threaded"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "APPLE-SA-2010-06-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"
},
{
"name": "40196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40196"
},
{
"name": "40105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40105"
},
{
"name": "ADV-2010-1373",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1373"
},
{
"name": "APPLE-SA-2010-06-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "oval:org.mitre.oval:def:6981",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6981"
},
{
"name": "ADV-2010-1512",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1512"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-098",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-098"
},
{
"name": "40620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40620"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "1024067",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024067"
},
{
"name": "http://support.apple.com/kb/HT4196",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4196"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
]
}
}

32
2010/3xxx/CVE-2010-3016.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3016",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2803. Reason: This candidate is a reservation duplicate of CVE-2010-2803. Notes: All CVE users should reference CVE-2010-2803 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-3016",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2803. Reason: This candidate is a reservation duplicate of CVE-2010-2803. Notes: All CVE users should reference CVE-2010-2803 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

208
2010/3xxx/CVE-2010-3195.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3195",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving \"special group and user enumeration.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21426108",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21432298",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
},
{
"name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT",
"refsource" : "CONFIRM",
"url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
},
{
"name" : "IC66099",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66099"
},
{
"name" : "IC66642",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66642"
},
{
"name" : "IC66643",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66643"
},
{
"name" : "oval:org.mitre.oval:def:14647",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14647"
},
{
"name" : "41218",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41218"
},
{
"name" : "ADV-2010-2225",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2225"
},
{
"name" : "db2-special-group-dos(61446)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61446"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving \"special group and user enumeration.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "db2-special-group-dos(61446)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61446"
},
{
"name": "ADV-2010-2225",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2225"
},
{
"name": "IC66643",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66643"
},
{
"name": "41218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41218"
},
{
"name": "IC66642",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66642"
},
{
"name": "IC66099",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66099"
},
{
"name": "oval:org.mitre.oval:def:14647",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14647"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
},
{
"name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT",
"refsource": "CONFIRM",
"url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
}
]
}
}

158
2010/3xxx/CVE-2010-3458.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3458",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14968",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14968"
},
{
"name" : "http://packetstormsecurity.org/1009-exploits/symphony-sqlxss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1009-exploits/symphony-sqlxss.txt"
},
{
"name" : "43180",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43180"
},
{
"name" : "41379",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41379"
},
{
"name" : "symphony-sendemail-sql-injection(61749)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61749"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43180"
},
{
"name": "41379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41379"
},
{
"name": "symphony-sendemail-sql-injection(61749)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61749"
},
{
"name": "14968",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14968"
},
{
"name": "http://packetstormsecurity.org/1009-exploits/symphony-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/symphony-sqlxss.txt"
}
]
}
}

128
2010/3xxx/CVE-2010-3512.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0u8 allows remote authenticated users to affect confidentiality, related to DAV (WebDAV)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name" : "TA10-287A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0u8 allows remote authenticated users to affect confidentiality, related to DAV (WebDAV)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}

208
2010/3xxx/CVE-2010-3826.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-3826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4455",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4455"
},
{
"name" : "http://support.apple.com/kb/HT4456",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4456"
},
{
"name" : "APPLE-SA-2010-11-18-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name" : "APPLE-SA-2010-11-22-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "oval:org.mitre.oval:def:11814",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11814"
},
{
"name" : "42314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42314"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2010-3046",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3046"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "http://support.apple.com/kb/HT4455",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "ADV-2010-3046",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3046"
},
{
"name": "oval:org.mitre.oval:def:11814",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11814"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}

228
2010/3xxx/CVE-2010-3852.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3852",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses \"[INSERT SECRET HERE]\" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.fedorahosted.org/git/?p=luci.git;a=commit;h=9e0bbf0c5faa198379d945474f7d55da5031cacf",
"refsource" : "CONFIRM",
"url" : "http://git.fedorahosted.org/git/?p=luci.git;a=commit;h=9e0bbf0c5faa198379d945474f7d55da5031cacf"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=626504",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=626504"
},
{
"name" : "FEDORA-2010-16601",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050246.html"
},
{
"name" : "FEDORA-2010-16617",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050244.html"
},
{
"name" : "FEDORA-2010-16848",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050309.html"
},
{
"name" : "44611",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44611"
},
{
"name" : "69015",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69015"
},
{
"name" : "42113",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42113"
},
{
"name" : "42123",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42123"
},
{
"name" : "ADV-2010-2873",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2873"
},
{
"name" : "ADV-2010-2900",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2900"
},
{
"name" : "luci-whoini-weak-security(62980)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62980"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses \"[INSERT SECRET HERE]\" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2900",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2900"
},
{
"name": "44611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44611"
},
{
"name": "42123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42123"
},
{
"name": "ADV-2010-2873",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2873"
},
{
"name": "FEDORA-2010-16617",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050244.html"
},
{
"name": "42113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42113"
},
{
"name": "FEDORA-2010-16848",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050309.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=626504",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=626504"
},
{
"name": "69015",
"refsource": "OSVDB",
"url": "http://osvdb.org/69015"
},
{
"name": "luci-whoini-weak-security(62980)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62980"
},
{
"name": "http://git.fedorahosted.org/git/?p=luci.git;a=commit;h=9e0bbf0c5faa198379d945474f7d55da5031cacf",
"refsource": "CONFIRM",
"url": "http://git.fedorahosted.org/git/?p=luci.git;a=commit;h=9e0bbf0c5faa198379d945474f7d55da5031cacf"
},
{
"name": "FEDORA-2010-16601",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050246.html"
}
]
}
}

168
2010/4xxx/CVE-2010-4669.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4669",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html",
"refsource" : "MISC",
"url" : "http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html"
},
{
"name" : "http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3",
"refsource" : "MISC",
"url" : "http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3"
},
{
"name" : "http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4",
"refsource" : "MISC",
"url" : "http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4"
},
{
"name" : "http://www.youtube.com/watch?v=00yjWB6gGy8",
"refsource" : "MISC",
"url" : "http://www.youtube.com/watch?v=00yjWB6gGy8"
},
{
"name" : "45760",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45760"
},
{
"name" : "ms-win-nd-protocol-dos(64583)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64583"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45760",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45760"
},
{
"name": "http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4",
"refsource": "MISC",
"url": "http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4"
},
{
"name": "ms-win-nd-protocol-dos(64583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64583"
},
{
"name": "http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3",
"refsource": "MISC",
"url": "http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3"
},
{
"name": "http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html"
},
{
"name": "http://www.youtube.com/watch?v=00yjWB6gGy8",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=00yjWB6gGy8"
}
]
}
}

148
2010/4xxx/CVE-2010-4776.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4776",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15526",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15526"
},
{
"name" : "http://packetstormsecurity.org/files/view/95817/potgp-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/view/95817/potgp-sql.txt"
},
{
"name" : "8158",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8158"
},
{
"name" : "potg-takefreestart-sql-injection(63246)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63246"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "potg-takefreestart-sql-injection(63246)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63246"
},
{
"name": "http://packetstormsecurity.org/files/view/95817/potgp-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/95817/potgp-sql.txt"
},
{
"name": "15526",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15526"
},
{
"name": "8158",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8158"
}
]
}
}

158
2010/4xxx/CVE-2010-4903.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4903",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100909 SQL Injection and XSS vulnerabilities in CubeCart version 4.3.3",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513572/100/0/threaded"
},
{
"name" : "http://www.acunetix.com/blog/web-security-zone/articles/sql-injection-xss-cubecart-4-3-3/",
"refsource" : "MISC",
"url" : "http://www.acunetix.com/blog/web-security-zone/articles/sql-injection-xss-cubecart-4-3-3/"
},
{
"name" : "43114",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43114"
},
{
"name" : "41352",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41352"
},
{
"name" : "8441",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8441"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100909 SQL Injection and XSS vulnerabilities in CubeCart version 4.3.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513572/100/0/threaded"
},
{
"name": "http://www.acunetix.com/blog/web-security-zone/articles/sql-injection-xss-cubecart-4-3-3/",
"refsource": "MISC",
"url": "http://www.acunetix.com/blog/web-security-zone/articles/sql-injection-xss-cubecart-4-3-3/"
},
{
"name": "41352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41352"
},
{
"name": "8441",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8441"
},
{
"name": "43114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43114"
}
]
}
}

158
2010/4xxx/CVE-2010-4949.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4949",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://forum.joomla.org/viewtopic.php?p=2209586",
"refsource" : "CONFIRM",
"url" : "http://forum.joomla.org/viewtopic.php?p=2209586"
},
{
"name" : "41961",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41961"
},
{
"name" : "66628",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/66628"
},
{
"name" : "40751",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40751"
},
{
"name" : "freichat-unspecified-xss(60828)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60828"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.joomla.org/viewtopic.php?p=2209586",
"refsource": "CONFIRM",
"url": "http://forum.joomla.org/viewtopic.php?p=2209586"
},
{
"name": "40751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40751"
},
{
"name": "41961",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41961"
},
{
"name": "freichat-unspecified-xss(60828)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60828"
},
{
"name": "66628",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/66628"
}
]
}
}

198
2014/0xxx/CVE-2014-0003.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0003",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc",
"refsource" : "CONFIRM",
"url" : "http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc"
},
{
"name" : "RHSA-2014:0245",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0245.html"
},
{
"name" : "RHSA-2014:0254",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0254.html"
},
{
"name" : "RHSA-2014:0371",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0371.html"
},
{
"name" : "RHSA-2014:0372",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0372.html"
},
{
"name" : "65902",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65902"
},
{
"name" : "57125",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57125"
},
{
"name" : "57716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57716"
},
{
"name" : "57719",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57719"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57125"
},
{
"name": "RHSA-2014:0254",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0254.html"
},
{
"name": "RHSA-2014:0371",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html"
},
{
"name": "65902",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65902"
},
{
"name": "57719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57719"
},
{
"name": "RHSA-2014:0245",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0245.html"
},
{
"name": "57716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57716"
},
{
"name": "http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc",
"refsource": "CONFIRM",
"url": "http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc"
},
{
"name": "RHSA-2014:0372",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html"
}
]
}
}

32
2014/0xxx/CVE-2014-0976.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0976",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0976",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2014/10xxx/CVE-2014-10009.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-10009",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status[] parameter to the add_status page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zeroscience.mk/codes/starkcrm_mv.txt",
"refsource" : "MISC",
"url" : "http://www.zeroscience.mk/codes/starkcrm_mv.txt"
},
{
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5169.php",
"refsource" : "MISC",
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5169.php"
},
{
"name" : "57048",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57048"
},
{
"name" : "starkcrm-index-xss(91267)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91267"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status[] parameter to the add_status page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zeroscience.mk/codes/starkcrm_mv.txt",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/codes/starkcrm_mv.txt"
},
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5169.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5169.php"
},
{
"name": "57048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57048"
},
{
"name": "starkcrm-index-xss(91267)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91267"
}
]
}
}

168
2014/3xxx/CVE-2014-3363.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3363",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35672",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35672"
},
{
"name" : "20140910 Cisco Unified Communications Manager Cross-Site Redirection Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3363"
},
{
"name" : "69739",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69739"
},
{
"name" : "1030836",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030836"
},
{
"name" : "59105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59105"
},
{
"name" : "cisco-ucm-cve20143363-xss(95882)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95882"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140910 Cisco Unified Communications Manager Cross-Site Redirection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3363"
},
{
"name": "1030836",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030836"
},
{
"name": "cisco-ucm-cve20143363-xss(95882)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95882"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35672",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35672"
},
{
"name": "69739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69739"
},
{
"name": "59105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59105"
}
]
}
}

158
2014/4xxx/CVE-2014-4068.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4068",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka \"Lync Denial of Service Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx"
},
{
"name" : "MS14-055",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-055"
},
{
"name" : "69586",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69586"
},
{
"name" : "1030821",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030821"
},
{
"name" : "ms-lync-cve20144068-dos(95544)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95544"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka \"Lync Denial of Service Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ms-lync-cve20144068-dos(95544)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95544"
},
{
"name": "1030821",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030821"
},
{
"name": "69586",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69586"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx"
},
{
"name": "MS14-055",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-055"
}
]
}
}

328
2014/4xxx/CVE-2014-4877.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4877",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[bug-wget] 20141027 GNU wget 1.16 released",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html"
},
{
"name" : "https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access",
"refsource" : "MISC",
"url" : "https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access"
},
{
"name" : "https://github.com/rapid7/metasploit-framework/pull/4088",
"refsource" : "MISC",
"url" : "https://github.com/rapid7/metasploit-framework/pull/4088"
},
{
"name" : "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7"
},
{
"name" : "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1139181",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1139181"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0431.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0431.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10106",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10106"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name" : "DSA-3062",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3062"
},
{
"name" : "GLSA-201411-05",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201411-05.xml"
},
{
"name" : "MDVSA-2015:121",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:121"
},
{
"name" : "RHSA-2014:1764",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1764.html"
},
{
"name" : "RHSA-2014:1955",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1955.html"
},
{
"name" : "SUSE-SU-2014:1366",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html"
},
{
"name" : "openSUSE-SU-2014:1380",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00026.html"
},
{
"name" : "SUSE-SU-2014:1408",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html"
},
{
"name" : "USN-2393-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2393-1"
},
{
"name" : "VU#685996",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/685996"
},
{
"name" : "70751",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70751"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0"
},
{
"name": "GLSA-201411-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201411-05.xml"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"name": "[bug-wget] 20141027 GNU wget 1.16 released",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html"
},
{
"name": "USN-2393-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2393-1"
},
{
"name": "MDVSA-2015:121",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:121"
},
{
"name": "RHSA-2014:1955",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1955.html"
},
{
"name": "DSA-3062",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3062"
},
{
"name": "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7"
},
{
"name": "VU#685996",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/685996"
},
{
"name": "SUSE-SU-2014:1366",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html"
},
{
"name": "RHSA-2014:1764",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1764.html"
},
{
"name": "SUSE-SU-2014:1408",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "openSUSE-SU-2014:1380",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00026.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1139181",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139181"
},
{
"name": "https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "70751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70751"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10106",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10106"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0431.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0431.html"
},
{
"name": "https://github.com/rapid7/metasploit-framework/pull/4088",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/4088"
}
]
}
}

32
2014/4xxx/CVE-2014-4970.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4970",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4970",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2014/8xxx/CVE-2014-8167.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8167",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8167",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2014/8xxx/CVE-2014-8479.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8479",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-321046.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-321046.pdf"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-321046.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-321046.pdf"
}
]
}
}

32
2014/8xxx/CVE-2014-8565.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8565",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8518. Reason: This candidate is a duplicate of CVE-2014-8518. Notes: All CVE users should reference CVE-2014-8518 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8565",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8518. Reason: This candidate is a duplicate of CVE-2014-8518. Notes: All CVE users should reference CVE-2014-8518 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

128
2014/9xxx/CVE-2014-9209.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9209",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02"
},
{
"name" : "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323",
"refsource" : "MISC",
"url" : "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323",
"refsource": "MISC",
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02"
}
]
}
}

32
2014/9xxx/CVE-2014-9290.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9290",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-9290",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

138
2014/9xxx/CVE-2014-9319.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9319",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c"
},
{
"name" : "https://www.ffmpeg.org/security.html",
"refsource" : "CONFIRM",
"url" : "https://www.ffmpeg.org/security.html"
},
{
"name" : "GLSA-201603-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-06"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c"
},
{
"name": "GLSA-201603-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-06"
},
{
"name": "https://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "https://www.ffmpeg.org/security.html"
}
]
}
}

178
2014/9xxx/CVE-2014-9841.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9841",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to \"throwing of exceptions.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f9ef11671c41da4cf973d0d880af1cdfbd127860",
"refsource" : "CONFIRM",
"url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f9ef11671c41da4cf973d0d880af1cdfbd127860"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343499",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343499"
},
{
"name" : "SUSE-SU-2016:1784",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name" : "openSUSE-SU-2016:1748",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name" : "openSUSE-SU-2016:1833",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name" : "USN-3131-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3131-1"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to \"throwing of exceptions.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343499",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343499"
},
{
"name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f9ef11671c41da4cf973d0d880af1cdfbd127860",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f9ef11671c41da4cf973d0d880af1cdfbd127860"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "openSUSE-SU-2016:1748",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name": "SUSE-SU-2016:1784",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name": "USN-3131-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3131-1"
}
]
}
}

128
2016/2xxx/CVE-2016-2882.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2882",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983343",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983343"
},
{
"name" : "91552",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91552"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983343",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983343"
},
{
"name": "91552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91552"
}
]
}
}

148
2016/3xxx/CVE-2016-3490.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3490",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, and 6.4.1 allows remote authenticated users to affect confidentiality via vectors related to Database."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "92024",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92024"
},
{
"name" : "1036402",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036402"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, and 6.4.1 allows remote authenticated users to affect confidentiality via vectors related to Database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "92024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92024"
},
{
"name": "1036402",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036402"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
}
]
}
}

32
2016/3xxx/CVE-2016-3666.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3666",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3666",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

198
2016/3xxx/CVE-2016-3948.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3948",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt"
},
{
"name" : "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch"
},
{
"name" : "GLSA-201607-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201607-01"
},
{
"name" : "RHSA-2016:2600",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"name" : "openSUSE-SU-2016:2081",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name" : "SUSE-SU-2016:1996",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name" : "SUSE-SU-2016:2089",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name" : "USN-3557-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3557-1/"
},
{
"name" : "1035458",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035458"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3557-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "RHSA-2016:2600",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"name": "1035458",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035458"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt"
}
]
}
}

156
2016/6xxx/CVE-2016-6090.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6090",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Commerce Enterprise",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7"
},
{
"version_value" : "8.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce Enterprise",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "7.0"
},
{
"version_value": "7"
},
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21992759",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21992759"
},
{
"name" : "93873",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93873"
},
{
"name" : "1037091",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037091"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21992759",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992759"
},
{
"name": "93873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93873"
},
{
"name": "1037091",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037091"
}
]
}
}

188
2016/6xxx/CVE-2016-6138.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160819 Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Aug/86"
},
{
"name" : "20160823 Re: Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Aug/114"
},
{
"name" : "http://scn.sap.com/community/security/blog/2015/10/14/sap-security-notes-october-2015--review",
"refsource" : "MISC",
"url" : "http://scn.sap.com/community/security/blog/2015/10/14/sap-security-notes-october-2015--review"
},
{
"name" : "https://layersevensecurity.com/wp-content/uploads/2015/11/Layer-Seven-Security_SAP-Security-Notes_October-2015.pdf",
"refsource" : "MISC",
"url" : "https://layersevensecurity.com/wp-content/uploads/2015/11/Layer-Seven-Security_SAP-Security-Notes_October-2015.pdf"
},
{
"name" : "https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015",
"refsource" : "MISC",
"url" : "https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015"
},
{
"name" : "https://www.onapsis.com/research/security-advisories/sap-trex-remote-directory-traversal",
"refsource" : "MISC",
"url" : "https://www.onapsis.com/research/security-advisories/sap-trex-remote-directory-traversal"
},
{
"name" : "http://packetstormsecurity.com/files/138437/SAP-TREX-7.10-Revision-63-Directory-Traversal.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/138437/SAP-TREX-7.10-Revision-63-Directory-Traversal.html"
},
{
"name" : "92060",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92060"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://scn.sap.com/community/security/blog/2015/10/14/sap-security-notes-october-2015--review",
"refsource": "MISC",
"url": "http://scn.sap.com/community/security/blog/2015/10/14/sap-security-notes-october-2015--review"
},
{
"name": "https://layersevensecurity.com/wp-content/uploads/2015/11/Layer-Seven-Security_SAP-Security-Notes_October-2015.pdf",
"refsource": "MISC",
"url": "https://layersevensecurity.com/wp-content/uploads/2015/11/Layer-Seven-Security_SAP-Security-Notes_October-2015.pdf"
},
{
"name": "http://packetstormsecurity.com/files/138437/SAP-TREX-7.10-Revision-63-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138437/SAP-TREX-7.10-Revision-63-Directory-Traversal.html"
},
{
"name": "https://www.onapsis.com/research/security-advisories/sap-trex-remote-directory-traversal",
"refsource": "MISC",
"url": "https://www.onapsis.com/research/security-advisories/sap-trex-remote-directory-traversal"
},
{
"name": "92060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92060"
},
{
"name": "20160823 Re: Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/114"
},
{
"name": "20160819 Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/86"
},
{
"name": "https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015",
"refsource": "MISC",
"url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015"
}
]
}
}

128
2016/6xxx/CVE-2016-6377.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160831 Cisco Virtual Media Packager PAM API Unauthorized Access Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-vmp"
},
{
"name" : "92715",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92715"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160831 Cisco Virtual Media Packager PAM API Unauthorized Access Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-vmp"
},
{
"name": "92715",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92715"
}
]
}
}

148
2016/6xxx/CVE-2016-6393.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6393",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connection attempt that is mishandled during generation of an error-log message, aka Bug ID CSCuy87667."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04"
},
{
"name" : "20160928 Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados"
},
{
"name" : "93196",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93196"
},
{
"name" : "1036914",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036914"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connection attempt that is mishandled during generation of an error-log message, aka Bug ID CSCuy87667."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93196"
},
{
"name": "1036914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036914"
},
{
"name": "20160928 Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04"
}
]
}
}

138
2016/7xxx/CVE-2016-7292.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7292",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka \"Windows Installer Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-149",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-149"
},
{
"name" : "94768",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94768"
},
{
"name" : "1037450",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037450"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka \"Windows Installer Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94768"
},
{
"name": "MS16-149",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-149"
},
{
"name": "1037450",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037450"
}
]
}
}

32
2016/7xxx/CVE-2016-7348.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7348",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7348",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

178
2016/7xxx/CVE-2016-7611.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7611",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207421",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207421"
},
{
"name" : "https://support.apple.com/HT207422",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207422"
},
{
"name" : "https://support.apple.com/HT207424",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207424"
},
{
"name" : "https://support.apple.com/HT207427",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207427"
},
{
"name" : "GLSA-201706-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-15"
},
{
"name" : "94907",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94907"
},
{
"name" : "1037459",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037459"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207427",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207427"
},
{
"name": "94907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94907"
},
{
"name": "https://support.apple.com/HT207421",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207421"
},
{
"name": "1037459",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037459"
},
{
"name": "https://support.apple.com/HT207422",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207422"
},
{
"name": "GLSA-201706-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-15"
},
{
"name": "https://support.apple.com/HT207424",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207424"
}
]
}
}