admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:51:28 +00:00
parent b1a46aea8b
commit 2e4b426fc3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
65 changed files with 5155 additions and 5155 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2006/0xxx/CVE-2006-0050.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0050",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-0050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-1013",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1013"
},
{
"name" : "17182",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17182"
},
{
"name" : "19318",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19318"
},
{
"name" : "snmptrapfmt-log-temprary-file(25442)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25442"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1013",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1013"
},
{
"name": "17182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17182"
},
{
"name": "snmptrapfmt-log-temprary-file(25442)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25442"
},
{
"name": "19318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19318"
}
]
}
}

150
2006/0xxx/CVE-2006-0071.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "GLSA-200601-01",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-01.xml"
},
{
"name" : "16120",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16120"
},
{
"name" : "22211",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22211"
},
{
"name" : "18284",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18284"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22211",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22211"
},
{
"name": "16120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16120"
},
{
"name": "18284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18284"
},
{
"name": "GLSA-200601-01",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-01.xml"
}
]
}
}

170
2006/0xxx/CVE-2006-0169.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060111 [eVuln] MyPhPim Arbitrary File Upload",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421626/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/23/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/23/summary.html"
},
{
"name" : "16208",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16208"
},
{
"name" : "ADV-2006-0147",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0147"
},
{
"name" : "18399",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18399"
},
{
"name" : "myphpim-addresses-file-upload(24070)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24070"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://evuln.com/vulns/23/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/23/summary.html"
},
{
"name": "16208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16208"
},
{
"name": "18399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18399"
},
{
"name": "20060111 [eVuln] MyPhPim Arbitrary File Upload",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421626/100/0/threaded"
},
{
"name": "myphpim-addresses-file-upload(24070)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24070"
},
{
"name": "ADV-2006-0147",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0147"
}
]
}
}

150
2006/0xxx/CVE-2006-0453.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0453",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (crash) via a certain \"bad BER sequence\" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-0453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135"
},
{
"name" : "16677",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16677"
},
{
"name" : "18960",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18960"
},
{
"name" : "fedora-ber-bad-sequence-dos(24795)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24795"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (crash) via a certain \"bad BER sequence\" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18960"
},
{
"name": "fedora-ber-bad-sequence-dos(24795)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24795"
},
{
"name": "16677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16677"
},
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135",
"refsource": "CONFIRM",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135"
}
]
}
}

34
2006/1xxx/CVE-2006-1317.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1317",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-1317",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}

140
2006/1xxx/CVE-2006-1565.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1565",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359239",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359239"
},
{
"name" : "17288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17288"
},
{
"name" : "libgpib-perl-buildd-file-upload(25681)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25681"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17288"
},
{
"name": "libgpib-perl-buildd-file-upload(25681)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25681"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359239",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359239"
}
]
}
}

160
2006/1xxx/CVE-2006-1605.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1605",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows remote attackers to execute arbitrary code via unknown vectors involving \"parsed PHP.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=406474&group_id=118524",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=406474&group_id=118524"
},
{
"name" : "17357",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17357"
},
{
"name" : "ADV-2006-1201",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1201"
},
{
"name" : "24358",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24358"
},
{
"name" : "19498",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19498"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows remote attackers to execute arbitrary code via unknown vectors involving \"parsed PHP.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1201",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1201"
},
{
"name": "19498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19498"
},
{
"name": "24358",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24358"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=406474&group_id=118524",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=406474&group_id=118524"
},
{
"name": "17357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17357"
}
]
}
}

150
2006/1xxx/CVE-2006-1825.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1825",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/04/phplinks-2131-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/04/phplinks-2131-xss-vuln.html"
},
{
"name" : "17586",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17586"
},
{
"name" : "ADV-2006-1378",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1378"
},
{
"name" : "phplinks-index-xss(25890)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25890"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phplinks-index-xss(25890)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25890"
},
{
"name": "ADV-2006-1378",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1378"
},
{
"name": "http://pridels0.blogspot.com/2006/04/phplinks-2131-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/phplinks-2131-xss-vuln.html"
},
{
"name": "17586",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17586"
}
]
}
}

220
2006/1xxx/CVE-2006-1885.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1885",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have unknown impact and attack vectors, aka Vuln# (1) EM01 and (2) EM02."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html"
},
{
"name" : "HPSBMA02113",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded"
},
{
"name" : "SSRT061148",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded"
},
{
"name" : "VU#443265",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/443265"
},
{
"name" : "17590",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17590"
},
{
"name" : "ADV-2006-1397",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1397"
},
{
"name" : "ADV-2006-1571",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1571"
},
{
"name" : "1015961",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015961"
},
{
"name" : "19712",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19712"
},
{
"name" : "19859",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19859"
},
{
"name" : "oracle-reporting-framework-access(26056)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26056"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have unknown impact and attack vectors, aka Vuln# (1) EM01 and (2) EM02."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19712"
},
{
"name": "19859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19859"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html"
},
{
"name": "ADV-2006-1571",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1571"
},
{
"name": "17590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17590"
},
{
"name": "SSRT061148",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded"
},
{
"name": "VU#443265",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/443265"
},
{
"name": "ADV-2006-1397",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1397"
},
{
"name": "HPSBMA02113",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded"
},
{
"name": "oracle-reporting-framework-access(26056)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26056"
},
{
"name": "1015961",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015961"
}
]
}
}

200
2006/1xxx/CVE-2006-1913.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1913",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax Guestbook 3.1, 3.31, and 3.50 allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kiki91.altervista.org/exploit/jax.txt",
"refsource" : "MISC",
"url" : "http://kiki91.altervista.org/exploit/jax.txt"
},
{
"name" : "http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html",
"refsource" : "MISC",
"url" : "http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html"
},
{
"name" : "17560",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17560"
},
{
"name" : "16337",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16337"
},
{
"name" : "ADV-2006-1800",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1800"
},
{
"name" : "24991",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24991"
},
{
"name" : "19843",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19843"
},
{
"name" : "20110",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20110"
},
{
"name" : "jaxguestbook-admin-xss(26448)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26448"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax Guestbook 3.1, 3.31, and 3.50 allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kiki91.altervista.org/exploit/jax.txt",
"refsource": "MISC",
"url": "http://kiki91.altervista.org/exploit/jax.txt"
},
{
"name": "jaxguestbook-admin-xss(26448)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26448"
},
{
"name": "20110",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20110"
},
{
"name": "24991",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24991"
},
{
"name": "16337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16337"
},
{
"name": "19843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19843"
},
{
"name": "http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html"
},
{
"name": "ADV-2006-1800",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1800"
},
{
"name": "17560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17560"
}
]
}
}

210
2006/4xxx/CVE-2006-4028.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to \"Anyone can register\" functionality (user registration for guests)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://wordpress.org/development/2006/07/wordpress-204/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/development/2006/07/wordpress-204/"
},
{
"name" : "http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/",
"refsource" : "MISC",
"url" : "http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/"
},
{
"name" : "http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/",
"refsource" : "MISC",
"url" : "http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=142142",
"refsource" : "MISC",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=142142"
},
{
"name" : "GLSA-200608-19",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-19.xml"
},
{
"name" : "19247",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19247"
},
{
"name" : "ADV-2006-3071",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3071"
},
{
"name" : "27633",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27633"
},
{
"name" : "21309",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21309"
},
{
"name" : "21447",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21447"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to \"Anyone can register\" functionality (user registration for guests)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3071",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3071"
},
{
"name": "21447",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21447"
},
{
"name": "19247",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19247"
},
{
"name": "http://wordpress.org/development/2006/07/wordpress-204/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/development/2006/07/wordpress-204/"
},
{
"name": "21309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21309"
},
{
"name": "http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/",
"refsource": "MISC",
"url": "http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/"
},
{
"name": "GLSA-200608-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-19.xml"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=142142",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=142142"
},
{
"name": "http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/",
"refsource": "MISC",
"url": "http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/"
},
{
"name": "27633",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27633"
}
]
}
}

190
2006/4xxx/CVE-2006-4160.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4160",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to (1) BaseCommand.php, (2) BaseLoader.php, and (3) BaseView.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2173",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2173"
},
{
"name" : "19481",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19481"
},
{
"name" : "ADV-2006-3268",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3268"
},
{
"name" : "27894",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27894"
},
{
"name" : "27895",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27895"
},
{
"name" : "27896",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27896"
},
{
"name" : "21455",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21455"
},
{
"name" : "mvcnphp-basecommand-file-include(28339)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28339"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to (1) BaseCommand.php, (2) BaseLoader.php, and (3) BaseView.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2173",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2173"
},
{
"name": "mvcnphp-basecommand-file-include(28339)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28339"
},
{
"name": "27895",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27895"
},
{
"name": "27894",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27894"
},
{
"name": "ADV-2006-3268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3268"
},
{
"name": "27896",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27896"
},
{
"name": "21455",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21455"
},
{
"name": "19481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19481"
}
]
}
}

190
2006/4xxx/CVE-2006-4235.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4235",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.pentest.co.uk/documents/ptl-2006-01.html",
"refsource" : "MISC",
"url" : "http://www.pentest.co.uk/documents/ptl-2006-01.html"
},
{
"name" : "http://kb.sony-europe.com/KB/Solutions/EN/V00000_V00499/v00244.html",
"refsource" : "CONFIRM",
"url" : "http://kb.sony-europe.com/KB/Solutions/EN/V00000_V00499/v00244.html"
},
{
"name" : "VU#697761",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/697761"
},
{
"name" : "19558",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19558"
},
{
"name" : "ADV-2006-3286",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3286"
},
{
"name" : "27966",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27966"
},
{
"name" : "21510",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21510"
},
{
"name" : "sony-sonicstage-file-import-bo(28421)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28421"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kb.sony-europe.com/KB/Solutions/EN/V00000_V00499/v00244.html",
"refsource": "CONFIRM",
"url": "http://kb.sony-europe.com/KB/Solutions/EN/V00000_V00499/v00244.html"
},
{
"name": "http://www.pentest.co.uk/documents/ptl-2006-01.html",
"refsource": "MISC",
"url": "http://www.pentest.co.uk/documents/ptl-2006-01.html"
},
{
"name": "ADV-2006-3286",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3286"
},
{
"name": "27966",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27966"
},
{
"name": "sony-sonicstage-file-import-bo(28421)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28421"
},
{
"name": "19558",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19558"
},
{
"name": "21510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21510"
},
{
"name": "VU#697761",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/697761"
}
]
}
}

170
2006/5xxx/CVE-2006-5017.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5017",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin/all_users.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to execute arbitrary SQL commands via the from parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060922 E-Vision CMS Multible Remote injections",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446706/100/0/threaded"
},
{
"name" : "20147",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20147"
},
{
"name" : "ADV-2006-3764",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3764"
},
{
"name" : "21969",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21969"
},
{
"name" : "1642",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1642"
},
{
"name" : "evisioncms-allusers-sql-injection(29123)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29123"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/all_users.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to execute arbitrary SQL commands via the from parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21969",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21969"
},
{
"name": "1642",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1642"
},
{
"name": "20060922 E-Vision CMS Multible Remote injections",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446706/100/0/threaded"
},
{
"name": "20147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20147"
},
{
"name": "evisioncms-allusers-sql-injection(29123)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29123"
},
{
"name": "ADV-2006-3764",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3764"
}
]
}
}

180
2006/5xxx/CVE-2006-5231.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5231",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote attackers to cause a denial of service (hang or reboot) via a large amount of ASCII data sent to port (1) 5060/UDP, (2) 5062/UDP, (3) 5064/UDP, (4) 5066/UDP, (5) 9876/UDP, or (6) 26789/UDP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061005 (0-Day) GrandStream GXP-2000 VoIP Desktop Phone multiple undocumented UDP ports and DoS",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049876.html"
},
{
"name" : "http://www.grandstream.com/BETATEST/GXP2000_BT200/Release_Note_GXP2000-BT200_1.1.1.14.pdf",
"refsource" : "MISC",
"url" : "http://www.grandstream.com/BETATEST/GXP2000_BT200/Release_Note_GXP2000-BT200_1.1.1.14.pdf"
},
{
"name" : "20356",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20356"
},
{
"name" : "ADV-2006-3941",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3941"
},
{
"name" : "22265",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22265"
},
{
"name" : "1718",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1718"
},
{
"name" : "grandstream-udp-dos(29356)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29356"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote attackers to cause a denial of service (hang or reboot) via a large amount of ASCII data sent to port (1) 5060/UDP, (2) 5062/UDP, (3) 5064/UDP, (4) 5066/UDP, (5) 9876/UDP, or (6) 26789/UDP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20356",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20356"
},
{
"name": "1718",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1718"
},
{
"name": "22265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22265"
},
{
"name": "20061005 (0-Day) GrandStream GXP-2000 VoIP Desktop Phone multiple undocumented UDP ports and DoS",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049876.html"
},
{
"name": "ADV-2006-3941",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3941"
},
{
"name": "grandstream-udp-dos(29356)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29356"
},
{
"name": "http://www.grandstream.com/BETATEST/GXP2000_BT200/Release_Note_GXP2000-BT200_1.1.1.14.pdf",
"refsource": "MISC",
"url": "http://www.grandstream.com/BETATEST/GXP2000_BT200/Release_Note_GXP2000-BT200_1.1.1.14.pdf"
}
]
}
}

200
2006/5xxx/CVE-2006-5368.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5368",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Exchange component in Oracle E-Business Suite 6.2.4 has unknown impact and remote attack vectors, aka Vuln# APPS01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name" : "TA06-291A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
},
{
"name" : "20588",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20588"
},
{
"name" : "ADV-2006-4065",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4065"
},
{
"name" : "1017077",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017077"
},
{
"name" : "22396",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22396"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Exchange component in Oracle E-Business Suite 6.2.4 has unknown impact and remote attack vectors, aka Vuln# APPS01."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
},
{
"name": "20588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20588"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name": "ADV-2006-4065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4065"
},
{
"name": "22396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22396"
},
{
"name": "1017077",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017077"
},
{
"name": "TA06-291A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
}
]
}
}

170
2006/5xxx/CVE-2006-5906.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5906",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: the issue is disputed by other researchers, who observe that $chemin is defined before use."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061027 Ban v0.1 (bannieres.php) File Include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449910/100/200/threaded"
},
{
"name" : "20061027 PLS-Bannieres 1.21 (bannieres.php) File Include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449927/100/200/threaded"
},
{
"name" : "20061028 Re: Ban v0.1 (bannieres.php) File Include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449955/100/200/threaded"
},
{
"name" : "20061101 Re: PLS-Bannieres 1.21 (bannieres.php) File Include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450297/100/200/threaded"
},
{
"name" : "20772",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20772"
},
{
"name" : "plsbannieres-bannieres-file-include(29856)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29856"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: the issue is disputed by other researchers, who observe that $chemin is defined before use."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20772"
},
{
"name": "20061101 Re: PLS-Bannieres 1.21 (bannieres.php) File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450297/100/200/threaded"
},
{
"name": "20061028 Re: Ban v0.1 (bannieres.php) File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449955/100/200/threaded"
},
{
"name": "20061027 PLS-Bannieres 1.21 (bannieres.php) File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449927/100/200/threaded"
},
{
"name": "plsbannieres-bannieres-file-include(29856)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29856"
},
{
"name": "20061027 Ban v0.1 (bannieres.php) File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449910/100/200/threaded"
}
]
}
}

170
2010/0xxx/CVE-2010-0165.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0165",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-11.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-11.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=542849",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=542849"
},
{
"name" : "MDVSA-2010:070",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070"
},
{
"name" : "38918",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38918"
},
{
"name" : "oval:org.mitre.oval:def:8472",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8472"
},
{
"name" : "ADV-2010-0692",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0692"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38918"
},
{
"name": "oval:org.mitre.oval:def:8472",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8472"
},
{
"name": "MDVSA-2010:070",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070"
},
{
"name": "ADV-2010-0692",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0692"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=542849",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=542849"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-11.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-11.html"
}
]
}
}

270
2010/0xxx/CVE-2010-0315.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html",
"refsource" : "MISC",
"url" : "http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html"
},
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=32309",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=32309"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html"
},
{
"name" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs",
"refsource" : "CONFIRM",
"url" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs"
},
{
"name" : "http://trac.webkit.org/changeset/53607",
"refsource" : "CONFIRM",
"url" : "http://trac.webkit.org/changeset/53607"
},
{
"name" : "https://bugs.webkit.org/show_bug.cgi?id=33683",
"refsource" : "CONFIRM",
"url" : "https://bugs.webkit.org/show_bug.cgi?id=33683"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "38177",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38177"
},
{
"name" : "oval:org.mitre.oval:def:14452",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14452"
},
{
"name" : "1023583",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023583"
},
{
"name" : "38545",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38545"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2010-0361",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0361"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "googlechrome-iframe-info-disc(56215)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56215"
},
{
"name" : "google-chrome-href-info-disclosure(55683)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55683"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38177"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html",
"refsource": "MISC",
"url": "http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html"
},
{
"name": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs",
"refsource": "CONFIRM",
"url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs"
},
{
"name": "googlechrome-iframe-info-disc(56215)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56215"
},
{
"name": "google-chrome-href-info-disclosure(55683)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55683"
},
{
"name": "1023583",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023583"
},
{
"name": "ADV-2010-0361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0361"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "http://trac.webkit.org/changeset/53607",
"refsource": "CONFIRM",
"url": "http://trac.webkit.org/changeset/53607"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=32309",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=32309"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html"
},
{
"name": "oval:org.mitre.oval:def:14452",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14452"
},
{
"name": "https://bugs.webkit.org/show_bug.cgi?id=33683",
"refsource": "CONFIRM",
"url": "https://bugs.webkit.org/show_bug.cgi?id=33683"
},
{
"name": "38545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38545"
}
]
}
}

140
2010/0xxx/CVE-2010-0328.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0328",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/extensions/repository/view/cs2_unitconv/1.0.5/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/cs2_unitconv/1.0.5/"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"name" : "38166",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38166"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38166",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38166"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"name": "http://typo3.org/extensions/repository/view/cs2_unitconv/1.0.5/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/cs2_unitconv/1.0.5/"
}
]
}
}

130
2010/0xxx/CVE-2010-0699.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0699",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1002-exploits/vss-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1002-exploits/vss-xss.txt"
},
{
"name" : "38701",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38701"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38701",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38701"
},
{
"name": "http://packetstormsecurity.org/1002-exploits/vss-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1002-exploits/vss-xss.txt"
}
]
}
}

190
2010/2xxx/CVE-2010-2122.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2122",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100517 Joomla component SimpleDownload Local File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511305/100/0/threaded"
},
{
"name" : "12618",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12618"
},
{
"name" : "http://packetstormsecurity.org/1005-exploits/joomlasimpledownload-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1005-exploits/joomlasimpledownload-lfi.txt"
},
{
"name" : "http://extensions.joomla.org/extensions/directory-a-documentation/downloads/10717",
"refsource" : "CONFIRM",
"url" : "http://extensions.joomla.org/extensions/directory-a-documentation/downloads/10717"
},
{
"name" : "40192",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40192"
},
{
"name" : "64743",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/64743"
},
{
"name" : "39871",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39871"
},
{
"name" : "simpledownload-controller-file-include(58625)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58625"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1005-exploits/joomlasimpledownload-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1005-exploits/joomlasimpledownload-lfi.txt"
},
{
"name": "64743",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/64743"
},
{
"name": "simpledownload-controller-file-include(58625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58625"
},
{
"name": "39871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39871"
},
{
"name": "12618",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12618"
},
{
"name": "40192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40192"
},
{
"name": "http://extensions.joomla.org/extensions/directory-a-documentation/downloads/10717",
"refsource": "CONFIRM",
"url": "http://extensions.joomla.org/extensions/directory-a-documentation/downloads/10717"
},
{
"name": "20100517 Joomla component SimpleDownload Local File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511305/100/0/threaded"
}
]
}
}

120
2010/2xxx/CVE-2010-2379.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2379",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise HCM - Time & Labor component in Oracle PeopleSoft and JDEdwards Suite HCM 9.0 Bundle #13 and HCM 9.1 Bundle #2 allows remote authenticated users to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-2379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise HCM - Time & Labor component in Oracle PeopleSoft and JDEdwards Suite HCM 9.0 Bundle #13 and HCM 9.1 Bundle #2 allows remote authenticated users to affect confidentiality via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}

260
2010/2xxx/CVE-2010-2500.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2500",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[freetype] 20100712 FreeType 2.4.0 has been released",
"refsource" : "MLIST",
"url" : "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html"
},
{
"name" : "[oss-security] 20100713 Multiple bugs in freetype",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127905701201340&w=2"
},
{
"name" : "[oss-security] 20100714 Re: Multiple bugs in freetype",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127909326909362&w=2"
},
{
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=613167",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=613167"
},
{
"name" : "https://savannah.nongnu.org/bugs/?30263",
"refsource" : "CONFIRM",
"url" : "https://savannah.nongnu.org/bugs/?30263"
},
{
"name" : "http://support.apple.com/kb/HT4435",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4435"
},
{
"name" : "APPLE-SA-2010-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name" : "DSA-2070",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2070"
},
{
"name" : "MDVSA-2010:137",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137"
},
{
"name" : "RHSA-2010:0577",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0577.html"
},
{
"name" : "RHSA-2010:0578",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0578.html"
},
{
"name" : "USN-963-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-963-1"
},
{
"name" : "1024266",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024266"
},
{
"name" : "48951",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48951"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://savannah.nongnu.org/bugs/?30263",
"refsource": "CONFIRM",
"url": "https://savannah.nongnu.org/bugs/?30263"
},
{
"name": "USN-963-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-963-1"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee"
},
{
"name": "[freetype] 20100712 FreeType 2.4.0 has been released",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "[oss-security] 20100714 Re: Multiple bugs in freetype",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127909326909362&w=2"
},
{
"name": "DSA-2070",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2070"
},
{
"name": "[oss-security] 20100713 Multiple bugs in freetype",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127905701201340&w=2"
},
{
"name": "1024266",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024266"
},
{
"name": "RHSA-2010:0578",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0578.html"
},
{
"name": "MDVSA-2010:137",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137"
},
{
"name": "RHSA-2010:0577",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0577.html"
},
{
"name": "48951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48951"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=613167",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=613167"
}
]
}
}

170
2010/2xxx/CVE-2010-2602.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2602",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Enterprise Server 5.0.0 through 5.0.2, 4.1.6, and 4.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24761",
"refsource" : "CONFIRM",
"url" : "http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24761"
},
{
"name" : "45392",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45392"
},
{
"name" : "1024891",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024891"
},
{
"name" : "35632",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35632"
},
{
"name" : "ADV-2010-3237",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3237"
},
{
"name" : "bes-attachment-service-bo(64066)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64066"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Enterprise Server 5.0.0 through 5.0.2, 4.1.6, and 4.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45392"
},
{
"name": "bes-attachment-service-bo(64066)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64066"
},
{
"name": "http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24761",
"refsource": "CONFIRM",
"url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24761"
},
{
"name": "ADV-2010-3237",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3237"
},
{
"name": "1024891",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024891"
},
{
"name": "35632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35632"
}
]
}
}

380
2010/2xxx/CVE-2010-2642.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2642",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2",
"refsource" : "CONFIRM",
"url" : "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=666318",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=666318"
},
{
"name" : "DSA-2357",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2357"
},
{
"name" : "FEDORA-2011-0208",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
},
{
"name" : "FEDORA-2011-0224",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
},
{
"name" : "GLSA-201701-57",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-57"
},
{
"name" : "MDVSA-2011:005",
"refsource" : "MANDRIVA",
"url" : "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
},
{
"name" : "MDVSA-2011:016",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:016"
},
{
"name" : "MDVSA-2011:017",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:017"
},
{
"name" : "MDVSA-2012:144",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name" : "RHSA-2011:0009",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
},
{
"name" : "RHSA-2012:1201",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"name" : "SUSE-SR:2011:005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name" : "USN-1035-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1035-1"
},
{
"name" : "45678",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45678"
},
{
"name" : "1024937",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024937"
},
{
"name" : "42769",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42769"
},
{
"name" : "42821",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42821"
},
{
"name" : "42847",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42847"
},
{
"name" : "42872",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42872"
},
{
"name" : "ADV-2011-0029",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0029"
},
{
"name" : "ADV-2011-0043",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0043"
},
{
"name" : "ADV-2011-0056",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0056"
},
{
"name" : "ADV-2011-0097",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0097"
},
{
"name" : "ADV-2011-0102",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0102"
},
{
"name" : "ADV-2011-0193",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0193"
},
{
"name" : "ADV-2011-0194",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0194"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:005",
"refsource": "MANDRIVA",
"url": "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
},
{
"name": "MDVSA-2011:016",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:016"
},
{
"name": "42872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42872"
},
{
"name": "ADV-2011-0043",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0043"
},
{
"name": "ADV-2011-0029",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0029"
},
{
"name": "FEDORA-2011-0224",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
},
{
"name": "42769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42769"
},
{
"name": "SUSE-SR:2011:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "RHSA-2012:1201",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"name": "ADV-2011-0097",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0097"
},
{
"name": "ADV-2011-0193",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0193"
},
{
"name": "DSA-2357",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2357"
},
{
"name": "USN-1035-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1035-1"
},
{
"name": "MDVSA-2011:017",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:017"
},
{
"name": "ADV-2011-0102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0102"
},
{
"name": "42821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42821"
},
{
"name": "MDVSA-2012:144",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "ADV-2011-0056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0056"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=666318",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=666318"
},
{
"name": "RHSA-2011:0009",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
},
{
"name": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
},
{
"name": "1024937",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024937"
},
{
"name": "FEDORA-2011-0208",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
},
{
"name": "45678",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45678"
},
{
"name": "GLSA-201701-57",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"name": "42847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42847"
},
{
"name": "ADV-2011-0194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0194"
}
]
}
}

34
2010/3xxx/CVE-2010-3046.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3046",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3046",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

210
2010/3xxx/CVE-2010-3308.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3308",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long cisco_banner (aka server_banner) field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt",
"refsource" : "CONFIRM",
"url" : "http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt"
},
{
"name" : "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch",
"refsource" : "CONFIRM",
"url" : "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch"
},
{
"name" : "FEDORA-2010-15381",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/048999.html"
},
{
"name" : "FEDORA-2010-15508",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049053.html"
},
{
"name" : "FEDORA-2010-15516",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049073.html"
},
{
"name" : "RHSA-2010:0892",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0892.html"
},
{
"name" : "43588",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43588"
},
{
"name" : "1024749",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024749"
},
{
"name" : "41769",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41769"
},
{
"name" : "ADV-2010-2526",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2526"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long cisco_banner (aka server_banner) field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41769"
},
{
"name": "ADV-2010-2526",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2526"
},
{
"name": "43588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43588"
},
{
"name": "RHSA-2010:0892",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0892.html"
},
{
"name": "1024749",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024749"
},
{
"name": "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch",
"refsource": "CONFIRM",
"url": "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch"
},
{
"name": "FEDORA-2010-15508",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049053.html"
},
{
"name": "FEDORA-2010-15381",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/048999.html"
},
{
"name": "FEDORA-2010-15516",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049073.html"
},
{
"name": "http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt",
"refsource": "CONFIRM",
"url": "http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt"
}
]
}
}

170
2010/3xxx/CVE-2010-3476.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3476",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://otrs.org/advisory/OSA-2010-02-en/",
"refsource" : "CONFIRM",
"url" : "http://otrs.org/advisory/OSA-2010-02-en/"
},
{
"name" : "http://security-tracker.debian.org/tracker/CVE-2010-2080",
"refsource" : "CONFIRM",
"url" : "http://security-tracker.debian.org/tracker/CVE-2010-2080"
},
{
"name" : "SUSE-SR:2010:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name" : "43264",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43264"
},
{
"name" : "41381",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41381"
},
{
"name" : "otrs-regexpression-dos(61869)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61869"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security-tracker.debian.org/tracker/CVE-2010-2080",
"refsource": "CONFIRM",
"url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"
},
{
"name": "41381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41381"
},
{
"name": "http://otrs.org/advisory/OSA-2010-02-en/",
"refsource": "CONFIRM",
"url": "http://otrs.org/advisory/OSA-2010-02-en/"
},
{
"name": "otrs-regexpression-dos(61869)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61869"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "43264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43264"
}
]
}
}

130
2010/3xxx/CVE-2010-3515.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3515",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Solaris component in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Disk Driver."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name" : "TA10-287A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Solaris component in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Disk Driver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}

310
2010/3xxx/CVE-2010-3691.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3691",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/29/6"
},
{
"name" : "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/10/01/2"
},
{
"name" : "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/10/01/5"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82"
},
{
"name" : "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538",
"refsource" : "CONFIRM",
"url" : "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538"
},
{
"name" : "https://issues.jasig.org/browse/PHPCAS-80",
"refsource" : "CONFIRM",
"url" : "https://issues.jasig.org/browse/PHPCAS-80"
},
{
"name" : "https://forge.indepnet.net/projects/glpi/repository/revisions/12601",
"refsource" : "CONFIRM",
"url" : "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"name" : "DSA-2172",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2172"
},
{
"name" : "FEDORA-2010-15943",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html"
},
{
"name" : "FEDORA-2010-15970",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html"
},
{
"name" : "FEDORA-2010-16905",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"name" : "FEDORA-2010-16912",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"name" : "43585",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43585"
},
{
"name" : "41878",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41878"
},
{
"name" : "42149",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42149"
},
{
"name" : "42184",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42184"
},
{
"name" : "43427",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43427"
},
{
"name" : "ADV-2010-2705",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2705"
},
{
"name" : "ADV-2010-2909",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2909"
},
{
"name" : "ADV-2011-0456",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0456"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82"
},
{
"name": "DSA-2172",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2172"
},
{
"name": "https://issues.jasig.org/browse/PHPCAS-80",
"refsource": "CONFIRM",
"url": "https://issues.jasig.org/browse/PHPCAS-80"
},
{
"name": "ADV-2011-0456",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0456"
},
{
"name": "FEDORA-2010-15943",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html"
},
{
"name": "FEDORA-2010-15970",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html"
},
{
"name": "ADV-2010-2909",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2909"
},
{
"name": "43585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43585"
},
{
"name": "42149",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42149"
},
{
"name": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601",
"refsource": "CONFIRM",
"url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"name": "ADV-2010-2705",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2705"
},
{
"name": "43427",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43427"
},
{
"name": "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/29/6"
},
{
"name": "FEDORA-2010-16912",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"name": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538",
"refsource": "CONFIRM",
"url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538"
},
{
"name": "FEDORA-2010-16905",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"name": "41878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41878"
},
{
"name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/5"
},
{
"name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/2"
},
{
"name": "42184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42184"
}
]
}
}

240
2010/4xxx/CVE-2010-4079.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20100915 [PATCH] drivers/media/video/ivtv/ivtvfb.c: prevent reading uninitialized stack memory",
"refsource" : "MLIST",
"url" : "http://lkml.org/lkml/2010/9/15/393"
},
{
"name" : "[oss-security] 20100925 CVE request: multiple kernel stack memory disclosures",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/25/2"
},
{
"name" : "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/10/07/1"
},
{
"name" : "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/10/06/6"
},
{
"name" : "[oss-security] 20101025 Re: CVE request: multiple kernel stack memory disclosures",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/10/25/3"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=405707985594169cfd0b1d97d29fcb4b4c6f2ac9",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=405707985594169cfd0b1d97d29fcb4b4c6f2ac9"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc8",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc8"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=648666",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=648666"
},
{
"name" : "DSA-2126",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2126"
},
{
"name" : "RHSA-2010:0958",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0958.html"
},
{
"name" : "RHSA-2011:0007",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name" : "45062",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45062"
},
{
"name" : "42890",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42890"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100925 CVE request: multiple kernel stack memory disclosures",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/25/2"
},
{
"name": "45062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45062"
},
{
"name": "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/10/06/6"
},
{
"name": "RHSA-2011:0007",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc8",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc8"
},
{
"name": "RHSA-2010:0958",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0958.html"
},
{
"name": "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/10/07/1"
},
{
"name": "42890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42890"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=405707985594169cfd0b1d97d29fcb4b4c6f2ac9",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=405707985594169cfd0b1d97d29fcb4b4c6f2ac9"
},
{
"name": "[oss-security] 20101025 Re: CVE request: multiple kernel stack memory disclosures",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/10/25/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=648666",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648666"
},
{
"name": "[linux-kernel] 20100915 [PATCH] drivers/media/video/ivtv/ivtvfb.c: prevent reading uninitialized stack memory",
"refsource": "MLIST",
"url": "http://lkml.org/lkml/2010/9/15/393"
},
{
"name": "DSA-2126",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2126"
}
]
}
}

150
2010/4xxx/CVE-2010-4486.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4486",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to history handling."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=59554",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=59554"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html"
},
{
"name" : "oval:org.mitre.oval:def:11630",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11630"
},
{
"name" : "42472",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42472"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to history handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11630",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11630"
},
{
"name": "42472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42472"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=59554",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=59554"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html"
}
]
}
}

120
2010/4xxx/CVE-2010-4725.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4725",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Smarty before 3.0.0 RC3 does not properly handle an on value of the asp_tags option in the php.ini file, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt",
"refsource" : "CONFIRM",
"url" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Smarty before 3.0.0 RC3 does not properly handle an on value of the asp_tags option in the php.ini file, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt",
"refsource": "CONFIRM",
"url": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt"
}
]
}
}

180
2010/4xxx/CVE-2010-4851.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4851",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote attackers to execute arbitrary SQL commands via the (1) ref or (2) poll_id parameter to index.php, or the (3) country parameter to create_account.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15644",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15644"
},
{
"name" : "http://packetstormsecurity.org/files/view/96228/eclime112b-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/view/96228/eclime112b-sql.txt"
},
{
"name" : "http://www.htbridge.ch/advisory/sql_injection_in_eclime.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/sql_injection_in_eclime.html"
},
{
"name" : "http://www.htbridge.ch/advisory/sql_injection_in_eclime_1.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/sql_injection_in_eclime_1.html"
},
{
"name" : "http://www.htbridge.ch/advisory/sql_injection_in_eclime_2.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/sql_injection_in_eclime_2.html"
},
{
"name" : "45124",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45124"
},
{
"name" : "8399",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8399"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote attackers to execute arbitrary SQL commands via the (1) ref or (2) poll_id parameter to index.php, or the (3) country parameter to create_account.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8399",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8399"
},
{
"name": "http://www.htbridge.ch/advisory/sql_injection_in_eclime.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/sql_injection_in_eclime.html"
},
{
"name": "http://www.htbridge.ch/advisory/sql_injection_in_eclime_2.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/sql_injection_in_eclime_2.html"
},
{
"name": "45124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45124"
},
{
"name": "15644",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15644"
},
{
"name": "http://www.htbridge.ch/advisory/sql_injection_in_eclime_1.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/sql_injection_in_eclime_1.html"
},
{
"name": "http://packetstormsecurity.org/files/view/96228/eclime112b-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96228/eclime112b-sql.txt"
}
]
}
}

160
2010/4xxx/CVE-2010-4862.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4862",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15163",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15163"
},
{
"name" : "43630",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43630"
},
{
"name" : "68308",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/68308"
},
{
"name" : "41681",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41681"
},
{
"name" : "jedirectorycom-catid-sql-injection(62191)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62191"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41681",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41681"
},
{
"name": "15163",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15163"
},
{
"name": "43630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43630"
},
{
"name": "68308",
"refsource": "OSVDB",
"url": "http://osvdb.org/68308"
},
{
"name": "jedirectorycom-catid-sql-injection(62191)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62191"
}
]
}
}

140
2011/5xxx/CVE-2011-5000.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5000",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110801 Useless OpenSSH resources exhausion bug via GSSAPI",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2011/Aug/2"
},
{
"name" : "http://site.pi3.com.pl/adv/ssh_1.txt",
"refsource" : "MISC",
"url" : "http://site.pi3.com.pl/adv/ssh_1.txt"
},
{
"name" : "RHSA-2012:0884",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0884.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110801 Useless OpenSSH resources exhausion bug via GSSAPI",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2011/Aug/2"
},
{
"name": "RHSA-2012:0884",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0884.html"
},
{
"name": "http://site.pi3.com.pl/adv/ssh_1.txt",
"refsource": "MISC",
"url": "http://site.pi3.com.pl/adv/ssh_1.txt"
}
]
}
}

160
2011/5xxx/CVE-2011-5011.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5011",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Commerce 3.0.4 SP2.1 and possibly earlier allow remote attackers to hijack the authentication of Admins for requests that (1) set a New user to Admin via the cID parameter to a statusconfirm action in admin/customers.php and (2) grant permissions to users via the cID parameter to a save action in admin/accounting.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dishix.blogspot.com/2011/11/exploiting-xtcommerce-v304-sp21-cross.html",
"refsource" : "MISC",
"url" : "http://dishix.blogspot.com/2011/11/exploiting-xtcommerce-v304-sp21-cross.html"
},
{
"name" : "http://dishix.blogspot.com/p/xtcommerce-v304-sp21-cross-site-request_29.html",
"refsource" : "MISC",
"url" : "http://dishix.blogspot.com/p/xtcommerce-v304-sp21-cross-site-request_29.html"
},
{
"name" : "77498",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77498"
},
{
"name" : "47032",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47032"
},
{
"name" : "xtcommerce-customers-accounting-csrf(71642)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71642"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Commerce 3.0.4 SP2.1 and possibly earlier allow remote attackers to hijack the authentication of Admins for requests that (1) set a New user to Admin via the cID parameter to a statusconfirm action in admin/customers.php and (2) grant permissions to users via the cID parameter to a save action in admin/accounting.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dishix.blogspot.com/p/xtcommerce-v304-sp21-cross-site-request_29.html",
"refsource": "MISC",
"url": "http://dishix.blogspot.com/p/xtcommerce-v304-sp21-cross-site-request_29.html"
},
{
"name": "77498",
"refsource": "OSVDB",
"url": "http://osvdb.org/77498"
},
{
"name": "xtcommerce-customers-accounting-csrf(71642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71642"
},
{
"name": "47032",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47032"
},
{
"name": "http://dishix.blogspot.com/2011/11/exploiting-xtcommerce-v304-sp21-cross.html",
"refsource": "MISC",
"url": "http://dishix.blogspot.com/2011/11/exploiting-xtcommerce-v304-sp21-cross.html"
}
]
}
}

290
2011/5xxx/CVE-2011-5110.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5110",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111119 Blogs manager <= 1.101 SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520571/100/0/threaded"
},
{
"name" : "18129",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18129"
},
{
"name" : "20111118 Blogs manager <= 1.101 SQL Injection Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0303.html"
},
{
"name" : "http://sourceforge.net/tracker/?func=detail&aid=3506818&group_id=219284&atid=1045881",
"refsource" : "MISC",
"url" : "http://sourceforge.net/tracker/?func=detail&aid=3506818&group_id=219284&atid=1045881"
},
{
"name" : "50731",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50731"
},
{
"name" : "77250",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77250"
},
{
"name" : "77251",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77251"
},
{
"name" : "77252",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77252"
},
{
"name" : "77253",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77253"
},
{
"name" : "77254",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77254"
},
{
"name" : "77255",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77255"
},
{
"name" : "77256",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77256"
},
{
"name" : "77257",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77257"
},
{
"name" : "77258",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77258"
},
{
"name" : "77259",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77259"
},
{
"name" : "77260",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77260"
},
{
"name" : "46918",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46918"
},
{
"name" : "blogsmanager-searchfield-sql-injection(71401)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71401"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20111118 Blogs manager <= 1.101 SQL Injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0303.html"
},
{
"name": "77255",
"refsource": "OSVDB",
"url": "http://osvdb.org/77255"
},
{
"name": "77256",
"refsource": "OSVDB",
"url": "http://osvdb.org/77256"
},
{
"name": "77259",
"refsource": "OSVDB",
"url": "http://osvdb.org/77259"
},
{
"name": "77251",
"refsource": "OSVDB",
"url": "http://osvdb.org/77251"
},
{
"name": "77257",
"refsource": "OSVDB",
"url": "http://osvdb.org/77257"
},
{
"name": "77258",
"refsource": "OSVDB",
"url": "http://osvdb.org/77258"
},
{
"name": "blogsmanager-searchfield-sql-injection(71401)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71401"
},
{
"name": "18129",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18129"
},
{
"name": "http://sourceforge.net/tracker/?func=detail&aid=3506818&group_id=219284&atid=1045881",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail&aid=3506818&group_id=219284&atid=1045881"
},
{
"name": "77252",
"refsource": "OSVDB",
"url": "http://osvdb.org/77252"
},
{
"name": "77260",
"refsource": "OSVDB",
"url": "http://osvdb.org/77260"
},
{
"name": "77254",
"refsource": "OSVDB",
"url": "http://osvdb.org/77254"
},
{
"name": "20111119 Blogs manager <= 1.101 SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520571/100/0/threaded"
},
{
"name": "50731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50731"
},
{
"name": "77250",
"refsource": "OSVDB",
"url": "http://osvdb.org/77250"
},
{
"name": "77253",
"refsource": "OSVDB",
"url": "http://osvdb.org/77253"
},
{
"name": "46918",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46918"
}
]
}
}

132
2014/10xxx/CVE-2014-10039.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2014-10039",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile",
"version" : {
"version_data" : [
{
"version_value" : "MDM9625, SD 400, SD 800"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800, calling qsee_app_entry_return() without first calling qsee_app_entry() will cause the stack to be restored to an older state resulting in a return to an unexpected location."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Lack of enforcement of proper sequence of calls in QTEE"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2014-10039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "MDM9625, SD 400, SD 800"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800, calling qsee_app_entry_return() without first calling qsee_app_entry() will cause the stack to be restored to an older state resulting in a return to an unexpected location."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of enforcement of proper sequence of calls in QTEE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

170
2014/3xxx/CVE-2014-3316.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3316",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34899",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34899"
},
{
"name" : "20140709 Cisco Unified Communications Manager DNA Arbitrary File Upload Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3316"
},
{
"name" : "68479",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68479"
},
{
"name" : "1030554",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030554"
},
{
"name" : "59730",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59730"
},
{
"name" : "cucm-cve20143316-file-upload(94429)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94429"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030554",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030554"
},
{
"name": "20140709 Cisco Unified Communications Manager DNA Arbitrary File Upload Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3316"
},
{
"name": "68479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68479"
},
{
"name": "59730",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59730"
},
{
"name": "cucm-cve20143316-file-upload(94429)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94429"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34899",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34899"
}
]
}
}

130
2014/3xxx/CVE-2014-3500.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3500",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cordova.apache.org/announcements/2014/08/04/android-351.html",
"refsource" : "CONFIRM",
"url" : "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
},
{
"name" : "69038",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69038"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cordova.apache.org/announcements/2014/08/04/android-351.html",
"refsource": "CONFIRM",
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
},
{
"name": "69038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69038"
}
]
}
}

520
2014/3xxx/CVE-2014-3569.json
View File

@ -1,262 +1,262 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3569",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html",
"refsource" : "CONFIRM",
"url" : "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html"
},
{
"name" : "http://rt.openssl.org/Ticket/Display.html?id=3571&user=guest&pass=guest",
"refsource" : "CONFIRM",
"url" : "http://rt.openssl.org/Ticket/Display.html?id=3571&user=guest&pass=guest"
},
{
"name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5"
},
{
"name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d"
},
{
"name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b"
},
{
"name" : "https://security-tracker.debian.org/tracker/CVE-2014-3569",
"refsource" : "CONFIRM",
"url" : "https://security-tracker.debian.org/tracker/CVE-2014-3569"
},
{
"name" : "https://www.openssl.org/news/secadv_20150108.txt",
"refsource" : "CONFIRM",
"url" : "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"name" : "https://support.apple.com/HT204659",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204659"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "https://bto.bluecoat.com/security-advisory/sa88",
"refsource" : "CONFIRM",
"url" : "https://bto.bluecoat.com/security-advisory/sa88"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10102",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10102"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10108",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10108"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "https://support.citrix.com/article/CTX216642",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX216642"
},
{
"name" : "APPLE-SA-2015-04-08-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name" : "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
},
{
"name" : "DSA-3125",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3125"
},
{
"name" : "HPSBUX03244",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142496289803847&w=2"
},
{
"name" : "SSRT101885",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142496289803847&w=2"
},
{
"name" : "HPSBHF03289",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142721102728110&w=2"
},
{
"name" : "HPSBMU03380",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143748090628601&w=2"
},
{
"name" : "HPSBMU03396",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144050205101530&w=2"
},
{
"name" : "HPSBMU03397",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144050297101809&w=2"
},
{
"name" : "HPSBMU03409",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
},
{
"name" : "HPSBMU03413",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144050254401665&w=2"
},
{
"name" : "HPSBOV03318",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142895206924048&w=2"
},
{
"name" : "HPSBUX03162",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142496179803395&w=2"
},
{
"name" : "MDVSA-2015:019",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
},
{
"name" : "MDVSA-2015:062",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
},
{
"name" : "openSUSE-SU-2015:0130",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
},
{
"name" : "SUSE-SU-2015:0946",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"name" : "openSUSE-SU-2016:0640",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name" : "71934",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71934"
},
{
"name" : "1033378",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033378"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "71934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71934"
},
{
"name": "HPSBOV03318",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142895206924048&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "openSUSE-SU-2015:0130",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
},
{
"name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
},
{
"name": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html",
"refsource": "CONFIRM",
"url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html"
},
{
"name": "HPSBMU03409",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
},
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2014-3569",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2014-3569"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "HPSBMU03380",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name": "1033378",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033378"
},
{
"name": "HPSBHF03289",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142721102728110&w=2"
},
{
"name": "openSUSE-SU-2016:0640",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name": "https://www.openssl.org/news/secadv_20150108.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "MDVSA-2015:019",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b"
},
{
"name": "HPSBUX03244",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142496289803847&w=2"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10108",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10108"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10102",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10102"
},
{
"name": "SUSE-SU-2015:0946",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"name": "HPSBMU03397",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050297101809&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "HPSBMU03396",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050205101530&w=2"
},
{
"name": "HPSBUX03162",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142496179803395&w=2"
},
{
"name": "MDVSA-2015:062",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
},
{
"name": "https://support.citrix.com/article/CTX216642",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name": "HPSBMU03413",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050254401665&w=2"
},
{
"name": "SSRT101885",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142496289803847&w=2"
},
{
"name": "http://rt.openssl.org/Ticket/Display.html?id=3571&user=guest&pass=guest",
"refsource": "CONFIRM",
"url": "http://rt.openssl.org/Ticket/Display.html?id=3571&user=guest&pass=guest"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa88",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa88"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5"
},
{
"name": "DSA-3125",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3125"
}
]
}
}

130
2014/4xxx/CVE-2014-4187.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4187",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140614 ClipBucket CMS Xss Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532432/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/127098/ClipBucket-CMS-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127098/ClipBucket-CMS-Cross-Site-Scripting.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127098/ClipBucket-CMS-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127098/ClipBucket-CMS-Cross-Site-Scripting.html"
},
{
"name": "20140614 ClipBucket CMS Xss Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532432/100/0/threaded"
}
]
}
}

380
2014/4xxx/CVE-2014-4221.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4221",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686383",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686383"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686824",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686824"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680334",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680334"
},
{
"name" : "DSA-2987",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2987"
},
{
"name" : "GLSA-201502-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name" : "HPSBUX03091",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "SSRT101667",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "RHSA-2014:0902",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0902"
},
{
"name" : "SUSE-SU-2015:0344",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
},
{
"name" : "68571",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68571"
},
{
"name" : "1030577",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030577"
},
{
"name" : "60081",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60081"
},
{
"name" : "60317",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60317"
},
{
"name" : "61577",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61577"
},
{
"name" : "61640",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61640"
},
{
"name" : "60817",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60817"
},
{
"name" : "60485",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60485"
},
{
"name" : "59924",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59924"
},
{
"name" : "59987",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59987"
},
{
"name" : "59680",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59680"
},
{
"name" : "60622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60622"
},
{
"name" : "60812",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60812"
},
{
"name" : "oracle-cpujul2014-cve20144221(94604)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94604"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2987",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2987"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "HPSBUX03091",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name": "1030577",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030577"
},
{
"name": "59987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59987"
},
{
"name": "SSRT101667",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name": "60812",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60812"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "60817",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60817"
},
{
"name": "59924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59924"
},
{
"name": "61577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61577"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "60485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60485"
},
{
"name": "59680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59680"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334"
},
{
"name": "60622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60622"
},
{
"name": "60081",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60081"
},
{
"name": "68571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68571"
},
{
"name": "RHSA-2014:0902",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0902"
},
{
"name": "61640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61640"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824"
},
{
"name": "GLSA-201502-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name": "oracle-cpujul2014-cve20144221(94604)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94604"
},
{
"name": "60317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60317"
},
{
"name": "SUSE-SU-2015:0344",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
}
]
}
}

34
2014/4xxx/CVE-2014-4933.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4933",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4933",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/8xxx/CVE-2014-8051.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8051",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8051",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

130
2014/8xxx/CVE-2014-8508.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8508",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-371/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-371/"
},
{
"name" : "70892",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70892"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70892"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-371/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-371/"
}
]
}
}

34
2014/8xxx/CVE-2014-8673.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8673",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8673",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/8xxx/CVE-2014-8879.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8879",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8879",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/9xxx/CVE-2014-9309.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9309",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9309",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/9xxx/CVE-2014-9787.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9787",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and Qualcomm internal bug CR545764."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=528400ae4cba715f6c9ff4a2657dafd913f30b8b",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=528400ae4cba715f6c9ff4a2657dafd913f30b8b"
},
{
"name" : "91628",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91628"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and Qualcomm internal bug CR545764."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91628"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=528400ae4cba715f6c9ff4a2657dafd913f30b8b",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=528400ae4cba715f6c9ff4a2657dafd913f30b8b"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}

180
2014/9xxx/CVE-2014-9906.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9906",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-9906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160727 CVE Request: DBD-mysql: use-after-free in mysql_dr_error",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/27/5"
},
{
"name" : "[oss-security] 20160727 Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/27/6"
},
{
"name" : "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog"
},
{
"name" : "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc",
"refsource" : "CONFIRM",
"url" : "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc"
},
{
"name" : "https://rt.cpan.org/Public/Bug/Display.html?id=97625",
"refsource" : "CONFIRM",
"url" : "https://rt.cpan.org/Public/Bug/Display.html?id=97625"
},
{
"name" : "DSA-3635",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3635"
},
{
"name" : "92149",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92149"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rt.cpan.org/Public/Bug/Display.html?id=97625",
"refsource": "CONFIRM",
"url": "https://rt.cpan.org/Public/Bug/Display.html?id=97625"
},
{
"name": "[oss-security] 20160727 CVE Request: DBD-mysql: use-after-free in mysql_dr_error",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/27/5"
},
{
"name": "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc",
"refsource": "CONFIRM",
"url": "https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc"
},
{
"name": "[oss-security] 20160727 Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/27/6"
},
{
"name": "DSA-3635",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3635"
},
{
"name": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog",
"refsource": "CONFIRM",
"url": "http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.029/ChangeLog"
},
{
"name": "92149",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92149"
}
]
}
}

34
2016/2xxx/CVE-2016-2234.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2234",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2234",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/2xxx/CVE-2016-2636.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2636",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2636",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/2xxx/CVE-2016-2699.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2699",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2699",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

270
2016/3xxx/CVE-2016-3503.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3503",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20160721-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20160721-0001/"
},
{
"name" : "GLSA-201610-08",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201610-08"
},
{
"name" : "RHSA-2016:1475",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1475"
},
{
"name" : "RHSA-2016:1476",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1476"
},
{
"name" : "RHSA-2016:1477",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1477"
},
{
"name" : "SUSE-SU-2016:1997",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html"
},
{
"name" : "SUSE-SU-2016:2012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html"
},
{
"name" : "openSUSE-SU-2016:1979",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html"
},
{
"name" : "openSUSE-SU-2016:2050",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html"
},
{
"name" : "openSUSE-SU-2016:2051",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html"
},
{
"name" : "openSUSE-SU-2016:2052",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html"
},
{
"name" : "openSUSE-SU-2016:2058",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "91996",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91996"
},
{
"name" : "1036365",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036365"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "GLSA-201610-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-08"
},
{
"name": "SUSE-SU-2016:2012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html"
},
{
"name": "openSUSE-SU-2016:2052",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20160721-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20160721-0001/"
},
{
"name": "RHSA-2016:1475",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1475"
},
{
"name": "91996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91996"
},
{
"name": "openSUSE-SU-2016:2051",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html"
},
{
"name": "1036365",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036365"
},
{
"name": "RHSA-2016:1477",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1477"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1476",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1476"
},
{
"name": "SUSE-SU-2016:1997",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html"
},
{
"name": "openSUSE-SU-2016:2050",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html"
},
{
"name": "openSUSE-SU-2016:1979",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html"
},
{
"name": "openSUSE-SU-2016:2058",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html"
}
]
}
}

34
2016/6xxx/CVE-2016-6314.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6314",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6314",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2016/6xxx/CVE-2016-6413.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6413",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160921 Cisco Application Policy Infrastructure Controller Binary Privilege Escalation Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-apic"
},
{
"name" : "1036872",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036872"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160921 Cisco Application Policy Infrastructure Controller Binary Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-apic"
},
{
"name": "1036872",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036872"
}
]
}
}

120
2016/6xxx/CVE-2016-6900.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6900",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers with software before V100R003C00SPC515; RH5885 V3 servers with software before V100R003C10SPC102; and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 allows local users to cause a denial of service (iBMC resource consumption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-server-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-server-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers with software before V100R003C00SPC515; RH5885 V3 servers with software before V100R003C10SPC102; and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 allows local users to cause a denial of service (iBMC resource consumption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-server-en"
}
]
}
}

140
2016/6xxx/CVE-2016-6950.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6950",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name" : "93496",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93496"
},
{
"name" : "1036986",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name": "93496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93496"
}
]
}
}

140
2016/7xxx/CVE-2016-7212.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7212",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka \"Windows Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-130",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-130"
},
{
"name" : "94027",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94027"
},
{
"name" : "1037241",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037241"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka \"Windows Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-130",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-130"
},
{
"name": "1037241",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037241"
},
{
"name": "94027",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94027"
}
]
}
}

160
2016/7xxx/CVE-2016-7613.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7613",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling during process spawning."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207269",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207269"
},
{
"name" : "https://support.apple.com/HT207270",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207270"
},
{
"name" : "https://support.apple.com/HT207271",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207271"
},
{
"name" : "https://support.apple.com/HT207275",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207275"
},
{
"name" : "94116",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94116"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling during process spawning."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207271",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207271"
},
{
"name": "https://support.apple.com/HT207269",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207269"
},
{
"name": "https://support.apple.com/HT207270",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207270"
},
{
"name": "https://support.apple.com/HT207275",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207275"
},
{
"name": "94116",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94116"
}
]
}
}

34
2016/7xxx/CVE-2016-7730.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7730",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7730",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/7xxx/CVE-2016-7955.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7955",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an \"AV Report Scheduler\" HTTP User-Agent header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20170306 CVE-2016-7955 - Alienvault OSSIM/USM Authentication Bypass",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/540224/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-517/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-517/"
},
{
"name" : "https://www.alienvault.com/forums/discussion/7765/alienvault-v5-3-1-hotfix",
"refsource" : "CONFIRM",
"url" : "https://www.alienvault.com/forums/discussion/7765/alienvault-v5-3-1-hotfix"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an \"AV Report Scheduler\" HTTP User-Agent header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170306 CVE-2016-7955 - Alienvault OSSIM/USM Authentication Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/540224/100/0/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-517/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-517/"
},
{
"name": "https://www.alienvault.com/forums/discussion/7765/alienvault-v5-3-1-hotfix",
"refsource": "CONFIRM",
"url": "https://www.alienvault.com/forums/discussion/7765/alienvault-v5-3-1-hotfix"
}
]
}
}