admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:55:59 +00:00
parent 2dd6f92f86
commit 2e91566532
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 4210 additions and 4210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
2006/5xxx/CVE-2006-5102.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in include/editfunc.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2439",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2439"
},
{
"name" : "20237",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20237"
},
{
"name" : "ADV-2006-3816",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3816"
},
{
"name" : "37965",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37965"
},
{
"name" : "newswritersw-editfunc-file-include(29200)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29200"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in include/editfunc.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3816",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3816"
},
{
"name": "37965",
"refsource": "OSVDB",
"url": "http://osvdb.org/37965"
},
{
"name": "newswritersw-editfunc-file-include(29200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29200"
},
{
"name": "20237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20237"
},
{
"name": "2439",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2439"
}
]
}
}

158
2006/5xxx/CVE-2006-5146.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5146",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060930 Yblog => Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447427/100/0/threaded"
},
{
"name" : "20061002 yblog: distributable product",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-October/001065.html"
},
{
"name" : "20280",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20280"
},
{
"name" : "1679",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1679"
},
{
"name" : "yblog-multiple-xss(29291)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29291"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1679",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1679"
},
{
"name": "20060930 Yblog => Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447427/100/0/threaded"
},
{
"name": "20061002 yblog: distributable product",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-October/001065.html"
},
{
"name": "20280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20280"
},
{
"name": "yblog-multiple-xss(29291)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29291"
}
]
}
}

198
2006/5xxx/CVE-2006-5320.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5320",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in getimg.php in Album Photo Sans Nom 1.6 allows remote attackers to read arbitrary files via the img parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061007 7 php scripts File Inclusion / Source disclosure Vuln",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448096/100/0/threaded"
},
{
"name" : "http://acid-root.new.fr/poc/13061007.txt",
"refsource" : "MISC",
"url" : "http://acid-root.new.fr/poc/13061007.txt"
},
{
"name" : "2507",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2507"
},
{
"name" : "20061220 Provable vendor ACK for Album Photo Sans Nom traversal issue",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-December/001193.html"
},
{
"name" : "20441",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20441"
},
{
"name" : "ADV-2006-4008",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4008"
},
{
"name" : "29673",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29673"
},
{
"name" : "22375",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22375"
},
{
"name" : "album-photo-getimg-file-include(29473)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29473"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in getimg.php in Album Photo Sans Nom 1.6 allows remote attackers to read arbitrary files via the img parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29673",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29673"
},
{
"name": "22375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22375"
},
{
"name": "ADV-2006-4008",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4008"
},
{
"name": "2507",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2507"
},
{
"name": "http://acid-root.new.fr/poc/13061007.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/poc/13061007.txt"
},
{
"name": "20061220 Provable vendor ACK for Album Photo Sans Nom traversal issue",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-December/001193.html"
},
{
"name": "album-photo-getimg-file-include(29473)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29473"
},
{
"name": "20061007 7 php scripts File Inclusion / Source disclosure Vuln",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448096/100/0/threaded"
},
{
"name": "20441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20441"
}
]
}
}

278
2006/5xxx/CVE-2006-5478.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5478",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061026 ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449899/100/0/threaded"
},
{
"name" : "20061028 Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450017/100/0/threaded"
},
{
"name" : "20061103 ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450520/100/100/threaded"
},
{
"name" : "20061028 ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050382.html"
},
{
"name" : "20061028 ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050388.html"
},
{
"name" : "http://www.mnin.org/advisories/2006_novell_httpstk.pdf",
"refsource" : "MISC",
"url" : "http://www.mnin.org/advisories/2006_novell_httpstk.pdf"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-035.html",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-035.html"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-036.html",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-036.html"
},
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm"
},
{
"name" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3723994&sliceId=SAL_Public&dialogID=16776123&stateId=1%200%202648401",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3723994&sliceId=SAL_Public&dialogID=16776123&stateId=1%200%202648401"
},
{
"name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html",
"refsource" : "CONFIRM",
"url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html"
},
{
"name" : "20655",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20655"
},
{
"name" : "20853",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20853"
},
{
"name" : "ADV-2006-4141",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4141"
},
{
"name" : "1017125",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017125"
},
{
"name" : "1017141",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017141"
},
{
"name" : "22519",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22519"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061028 ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050388.html"
},
{
"name": "20655",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20655"
},
{
"name": "20061026 ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449899/100/0/threaded"
},
{
"name": "http://www.mnin.org/advisories/2006_novell_httpstk.pdf",
"refsource": "MISC",
"url": "http://www.mnin.org/advisories/2006_novell_httpstk.pdf"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-036.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-036.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-035.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-035.html"
},
{
"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html"
},
{
"name": "1017141",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017141"
},
{
"name": "1017125",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017125"
},
{
"name": "20061028 ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050382.html"
},
{
"name": "20061103 ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450520/100/100/threaded"
},
{
"name": "20061028 Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450017/100/0/threaded"
},
{
"name": "ADV-2006-4141",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4141"
},
{
"name": "20853",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20853"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm"
},
{
"name": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3723994&sliceId=SAL_Public&dialogID=16776123&stateId=1%200%202648401",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3723994&sliceId=SAL_Public&dialogID=16776123&stateId=1%200%202648401"
},
{
"name": "22519",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22519"
}
]
}
}

148
2006/5xxx/CVE-2006-5798.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5798",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in default.asp in Xenis.creator CMS allows remote attackers to execute arbitrary SQL commands via the contid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061104 Re: MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=116267021732120&w=2"
},
{
"name" : "20908",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20908"
},
{
"name" : "1017162",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017162"
},
{
"name" : "xeniscreatorcms-default-sql-injection(30017)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30017"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in default.asp in Xenis.creator CMS allows remote attackers to execute arbitrary SQL commands via the contid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20908"
},
{
"name": "xeniscreatorcms-default-sql-injection(30017)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30017"
},
{
"name": "20061104 Re: MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=116267021732120&w=2"
},
{
"name": "1017162",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017162"
}
]
}
}

188
2007/2xxx/CVE-2007-2132.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2132",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name" : "TA07-108A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-108A.html"
},
{
"name" : "23532",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23532"
},
{
"name" : "ADV-2007-1426",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1426"
},
{
"name" : "1017927",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017927"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA07-108A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-108A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html"
},
{
"name": "23532",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23532"
},
{
"name": "1017927",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017927"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name": "ADV-2007-1426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1426"
}
]
}
}

258
2007/2xxx/CVE-2007-2222.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2222",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-2222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4065",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/4065"
},
{
"name" : "http://retrogod.altervista.org/win_speech_2k_sp4.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/win_speech_2k_sp4.html"
},
{
"name" : "http://retrogod.altervista.org/win_speech_xp_sp2.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/win_speech_xp_sp2.html"
},
{
"name" : "HPSBST02231",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"name" : "SSRT071438",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"name" : "MS07-033",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
},
{
"name" : "TA07-163A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"name" : "VU#507433",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/507433"
},
{
"name" : "24426",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24426"
},
{
"name" : "35353",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35353"
},
{
"name" : "ADV-2007-2153",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2153"
},
{
"name" : "oval:org.mitre.oval:def:2031",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031"
},
{
"name" : "1018235",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018235"
},
{
"name" : "25627",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25627"
},
{
"name" : "ie-speech-code-execution(34630)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34630"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-speech-code-execution(34630)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34630"
},
{
"name": "35353",
"refsource": "OSVDB",
"url": "http://osvdb.org/35353"
},
{
"name": "VU#507433",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/507433"
},
{
"name": "25627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25627"
},
{
"name": "4065",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/4065"
},
{
"name": "SSRT071438",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"name": "24426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24426"
},
{
"name": "1018235",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018235"
},
{
"name": "http://retrogod.altervista.org/win_speech_2k_sp4.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/win_speech_2k_sp4.html"
},
{
"name": "ADV-2007-2153",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2153"
},
{
"name": "TA07-163A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"name": "oval:org.mitre.oval:def:2031",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031"
},
{
"name": "http://retrogod.altervista.org/win_speech_xp_sp2.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/win_speech_xp_sp2.html"
},
{
"name": "MS07-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
},
{
"name": "HPSBST02231",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
]
}
}

128
2007/2xxx/CVE-2007-2382.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2382",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf",
"refsource" : "MISC",
"url" : "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf"
},
{
"name" : "43327",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/43327"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf",
"refsource": "MISC",
"url": "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf"
},
{
"name": "43327",
"refsource": "OSVDB",
"url": "http://osvdb.org/43327"
}
]
}
}

178
2007/2xxx/CVE-2007-2494.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2494",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3826",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3826"
},
{
"name" : "http://moaxb.blogspot.com/2007/05/moaxb-01-powerpointviewerocx-31.html",
"refsource" : "MISC",
"url" : "http://moaxb.blogspot.com/2007/05/moaxb-01-powerpointviewerocx-31.html"
},
{
"name" : "23733",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23733"
},
{
"name" : "ADV-2007-1612",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1612"
},
{
"name" : "34332",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34332"
},
{
"name" : "25092",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25092"
},
{
"name" : "office-powerpoint-ocx-bo(34013)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34013"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://moaxb.blogspot.com/2007/05/moaxb-01-powerpointviewerocx-31.html",
"refsource": "MISC",
"url": "http://moaxb.blogspot.com/2007/05/moaxb-01-powerpointviewerocx-31.html"
},
{
"name": "3826",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3826"
},
{
"name": "office-powerpoint-ocx-bo(34013)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34013"
},
{
"name": "34332",
"refsource": "OSVDB",
"url": "http://osvdb.org/34332"
},
{
"name": "23733",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23733"
},
{
"name": "25092",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25092"
},
{
"name": "ADV-2007-1612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1612"
}
]
}
}

148
2007/2xxx/CVE-2007-2566.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2566",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to cause a denial of service (disk consumption) by uploading multiple bar codes, as demonstrated by a WSF package."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070505 Taltech Tal Bar Code ActiveX Control Memory Corruption Vulnerability(-ies)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/467822/100/0/threaded"
},
{
"name" : "25180",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25180"
},
{
"name" : "2683",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2683"
},
{
"name" : "ttbc-savebarcode-file-upload(34130)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34130"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to cause a denial of service (disk consumption) by uploading multiple bar codes, as demonstrated by a WSF package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070505 Taltech Tal Bar Code ActiveX Control Memory Corruption Vulnerability(-ies)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467822/100/0/threaded"
},
{
"name": "2683",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2683"
},
{
"name": "ttbc-savebarcode-file-upload(34130)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34130"
},
{
"name": "25180",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25180"
}
]
}
}

168
2007/2xxx/CVE-2007-2685.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2685",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070521 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/469223/100/0/threaded"
},
{
"name" : "20070521 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=117974433216496&w=2"
},
{
"name" : "http://www.netvigilance.com/advisory0028",
"refsource" : "MISC",
"url" : "http://www.netvigilance.com/advisory0028"
},
{
"name" : "24077",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24077"
},
{
"name" : "34784",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/34784"
},
{
"name" : "jetbox-index-sql-injection(34387)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34387"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24077"
},
{
"name": "20070521 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469223/100/0/threaded"
},
{
"name": "20070521 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=117974433216496&w=2"
},
{
"name": "http://www.netvigilance.com/advisory0028",
"refsource": "MISC",
"url": "http://www.netvigilance.com/advisory0028"
},
{
"name": "jetbox-index-sql-injection(34387)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34387"
},
{
"name": "34784",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34784"
}
]
}
}

168
2007/2xxx/CVE-2007-2704.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2704",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "BEA07-168.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/237"
},
{
"name" : "ADV-2007-1815",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1815"
},
{
"name" : "36064",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36064"
},
{
"name" : "1018057",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018057"
},
{
"name" : "25284",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25284"
},
{
"name" : "weblogic-ssl-port-dos(34278)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34278"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "weblogic-ssl-port-dos(34278)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34278"
},
{
"name": "1018057",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018057"
},
{
"name": "25284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25284"
},
{
"name": "BEA07-168.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/237"
},
{
"name": "ADV-2007-1815",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1815"
},
{
"name": "36064",
"refsource": "OSVDB",
"url": "http://osvdb.org/36064"
}
]
}
}

168
2007/3xxx/CVE-2007-3119.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3119",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) 1.0 allows remote attackers to execute arbitrary SQL commands via the news_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4040",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4040"
},
{
"name" : "24362",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24362"
},
{
"name" : "ADV-2007-2098",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2098"
},
{
"name" : "37170",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37170"
},
{
"name" : "25565",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25565"
},
{
"name" : "kartlialisveris-news-sql-injection(34756)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34756"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) 1.0 allows remote attackers to execute arbitrary SQL commands via the news_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "kartlialisveris-news-sql-injection(34756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34756"
},
{
"name": "4040",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4040"
},
{
"name": "25565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25565"
},
{
"name": "24362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24362"
},
{
"name": "37170",
"refsource": "OSVDB",
"url": "http://osvdb.org/37170"
},
{
"name": "ADV-2007-2098",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2098"
}
]
}
}

158
2007/3xxx/CVE-2007-3535.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3535",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4124",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4124"
},
{
"name" : "37110",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37110"
},
{
"name" : "37111",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37111"
},
{
"name" : "25893",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25893"
},
{
"name" : "glshdeaf-functionsbottom-file-include(35160)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35160"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25893",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25893"
},
{
"name": "glshdeaf-functionsbottom-file-include(35160)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35160"
},
{
"name": "4124",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4124"
},
{
"name": "37111",
"refsource": "OSVDB",
"url": "http://osvdb.org/37111"
},
{
"name": "37110",
"refsource": "OSVDB",
"url": "http://osvdb.org/37110"
}
]
}
}

158
2007/3xxx/CVE-2007-3547.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3547",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the lang parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4116",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4116"
},
{
"name" : "24670",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24670"
},
{
"name" : "37605",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37605"
},
{
"name" : "25852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25852/"
},
{
"name" : "quickticket-checkname-file-include(35115)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35115"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24670"
},
{
"name": "37605",
"refsource": "OSVDB",
"url": "http://osvdb.org/37605"
},
{
"name": "25852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25852/"
},
{
"name": "quickticket-checkname-file-include(35115)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35115"
},
{
"name": "4116",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4116"
}
]
}
}

238
2007/3xxx/CVE-2007-3760.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3760",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=306586",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=307041",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name" : "APPLE-SA-2007-09-27",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2007-11-14",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
},
{
"name" : "TA07-319A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"name" : "25850",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25850"
},
{
"name" : "26444",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26444"
},
{
"name" : "ADV-2007-3287",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name" : "ADV-2007-3868",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name" : "1018752",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018752"
},
{
"name" : "26983",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26983"
},
{
"name" : "27643",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27643"
},
{
"name" : "iphone-frametags-security-bypass(36859)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36859"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2007-09-27",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306586",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "iphone-frametags-security-bypass(36859)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36859"
},
{
"name": "26444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "APPLE-SA-2007-11-14",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307041",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "26983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3868",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "ADV-2007-3287",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name": "27643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27643"
},
{
"name": "25850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25850"
},
{
"name": "TA07-319A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"name": "1018752",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018752"
}
]
}
}

148
2007/6xxx/CVE-2007-6093.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6093",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is \"much more than expected.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ingate.com/relnote-460.php",
"refsource" : "CONFIRM",
"url" : "http://www.ingate.com/relnote-460.php"
},
{
"name" : "26486",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26486"
},
{
"name" : "42174",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/42174"
},
{
"name" : "27688",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27688"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is \"much more than expected.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27688"
},
{
"name": "26486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26486"
},
{
"name": "42174",
"refsource": "OSVDB",
"url": "http://osvdb.org/42174"
},
{
"name": "http://www.ingate.com/relnote-460.php",
"refsource": "CONFIRM",
"url": "http://www.ingate.com/relnote-460.php"
}
]
}
}

178
2010/0xxx/CVE-2010-0148.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0148",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via \"a series of TCP packets.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name" : "38273",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38273"
},
{
"name" : "62445",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62445"
},
{
"name" : "1023607",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023607"
},
{
"name" : "38619",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38619"
},
{
"name" : "ADV-2010-0416",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name" : "cisco-securityagent-tcp-dos(56347)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via \"a series of TCP packets.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-securityagent-tcp-dos(56347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347"
},
{
"name": "1023607",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023607"
},
{
"name": "38619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38619"
},
{
"name": "ADV-2010-0416",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "38273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38273"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "62445",
"refsource": "OSVDB",
"url": "http://osvdb.org/62445"
}
]
}
}

148
2010/0xxx/CVE-2010-0606.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0606",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf"
},
{
"name" : "http://osticket.com/forums/project.php?issueid=176",
"refsource" : "CONFIRM",
"url" : "http://osticket.com/forums/project.php?issueid=176"
},
{
"name" : "38166",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38166"
},
{
"name" : "38515",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38515"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38166"
},
{
"name": "http://osticket.com/forums/project.php?issueid=176",
"refsource": "CONFIRM",
"url": "http://osticket.com/forums/project.php?issueid=176"
},
{
"name": "38515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38515"
},
{
"name": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf"
}
]
}
}

128
2010/0xxx/CVE-2010-0818.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0818",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified \"supported format,\" aka \"MPEG-4 Codec Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-062",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-062"
},
{
"name" : "oval:org.mitre.oval:def:7318",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7318"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified \"supported format,\" aka \"MPEG-4 Codec Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7318",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7318"
},
{
"name": "MS10-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-062"
}
]
}
}

128
2010/1xxx/CVE-2010-1178.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1178",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nishantdaspatnaik.yolasite.com/ipodpoc3.php",
"refsource" : "MISC",
"url" : "http://nishantdaspatnaik.yolasite.com/ipodpoc3.php"
},
{
"name" : "safari-iphone-javascript-dos(57993)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57993"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nishantdaspatnaik.yolasite.com/ipodpoc3.php",
"refsource": "MISC",
"url": "http://nishantdaspatnaik.yolasite.com/ipodpoc3.php"
},
{
"name": "safari-iphone-javascript-dos(57993)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57993"
}
]
}
}

148
2010/1xxx/CVE-2010-1183.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1183",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100324 Symlink attack with Solaris Update manager",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510305/100/0/threaded"
},
{
"name" : "20100324 Symlink attack with Solaris Update manager and Sun Patch Cluster",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510311/100/0/threaded"
},
{
"name" : "38928",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38928"
},
{
"name" : "solaris-update-manager-multiple-symlink(57149)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57149"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100324 Symlink attack with Solaris Update manager and Sun Patch Cluster",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510311/100/0/threaded"
},
{
"name": "38928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38928"
},
{
"name": "solaris-update-manager-multiple-symlink(57149)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57149"
},
{
"name": "20100324 Symlink attack with Solaris Update manager",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510305/100/0/threaded"
}
]
}
}

148
2010/1xxx/CVE-2010-1227.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1227",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100313 Sun Java System Communication Express CSRF via HPP",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name" : "42990",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42990"
},
{
"name" : "ADV-2011-0157",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0157"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100313 Sun Java System Communication Express CSRF via HPP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"name": "ADV-2011-0157",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0157"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "42990",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42990"
}
]
}
}

128
2010/5xxx/CVE-2010-5064.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5064",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2010/Aug/235"
},
{
"name" : "http://dmcdonald.net/vwar.txt",
"refsource" : "MISC",
"url" : "http://dmcdonald.net/vwar.txt"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dmcdonald.net/vwar.txt",
"refsource": "MISC",
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
]
}
}

32
2010/5xxx/CVE-2010-5130.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5130",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-5130",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

178
2014/0xxx/CVE-2014-0257.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0257",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka \"Type Traversal Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-0257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "33892",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/33892"
},
{
"name" : "http://packetstormsecurity.com/files/127246/MS14-009-.NET-Deployment-Service-IE-Sandbox-Escape.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127246/MS14-009-.NET-Deployment-Service-IE-Sandbox-Escape.html"
},
{
"name" : "MS14-009",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009"
},
{
"name" : "65417",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65417"
},
{
"name" : "103163",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/103163"
},
{
"name" : "1029745",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029745"
},
{
"name" : "56793",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56793"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka \"Type Traversal Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029745",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029745"
},
{
"name": "33892",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33892"
},
{
"name": "65417",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65417"
},
{
"name": "http://packetstormsecurity.com/files/127246/MS14-009-.NET-Deployment-Service-IE-Sandbox-Escape.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127246/MS14-009-.NET-Deployment-Service-IE-Sandbox-Escape.html"
},
{
"name": "103163",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/103163"
},
{
"name": "56793",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56793"
},
{
"name": "MS14-009",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009"
}
]
}
}

148
2014/100xxx/CVE-2014-100005.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-100005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-100005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/",
"refsource" : "MISC",
"url" : "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/"
},
{
"name" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018",
"refsource" : "CONFIRM",
"url" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018"
},
{
"name" : "57304",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57304"
},
{
"name" : "dir600-settings-csrf(91794)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57304"
},
{
"name": "dir600-settings-csrf(91794)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794"
},
{
"name": "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/",
"refsource": "MISC",
"url": "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/"
},
{
"name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018",
"refsource": "CONFIRM",
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018"
}
]
}
}

218
2014/1xxx/CVE-2014-1642.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1642",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140123 Xen Security Advisory 83 (CVE-2014-1642) - Out-of-memory condition yielding memory corruption during IRQ setup",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/01/23/4"
},
{
"name" : "http://xenbits.xen.org/xsa/advisory-83.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-83.html"
},
{
"name" : "FEDORA-2014-1552",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html"
},
{
"name" : "FEDORA-2014-1559",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127580.html"
},
{
"name" : "GLSA-201407-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201407-03.xml"
},
{
"name" : "SUSE-SU-2014:0373",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html"
},
{
"name" : "65097",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65097"
},
{
"name" : "102406",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102406"
},
{
"name" : "1029679",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029679"
},
{
"name" : "56557",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56557"
},
{
"name" : "xen-irq-cve20141642-code-exec(90649)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90649"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2014:0373",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html"
},
{
"name": "FEDORA-2014-1552",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html"
},
{
"name": "xen-irq-cve20141642-code-exec(90649)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90649"
},
{
"name": "56557",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56557"
},
{
"name": "GLSA-201407-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
},
{
"name": "FEDORA-2014-1559",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127580.html"
},
{
"name": "[oss-security] 20140123 Xen Security Advisory 83 (CVE-2014-1642) - Out-of-memory condition yielding memory corruption during IRQ setup",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/23/4"
},
{
"name": "102406",
"refsource": "OSVDB",
"url": "http://osvdb.org/102406"
},
{
"name": "1029679",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029679"
},
{
"name": "65097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65097"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-83.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-83.html"
}
]
}
}

128
2014/1xxx/CVE-2014-1835.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1835",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140131 Re: echor 0.1.6 Ruby Gem exposes login credentials",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/01/31/10"
},
{
"name" : "echor-ruby-system-process-info-disc(90858)",
"refsource" : "XF",
"url" : "http://xforce.iss.net/xforce/xfdb/90858"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140131 Re: echor 0.1.6 Ruby Gem exposes login credentials",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/10"
},
{
"name": "echor-ruby-system-process-info-disc(90858)",
"refsource": "XF",
"url": "http://xforce.iss.net/xforce/xfdb/90858"
}
]
}
}

138
2014/1xxx/CVE-2014-1885.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1885",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"name" : "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf",
"refsource" : "MISC",
"url" : "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"name" : "http://www.internetsociety.org/ndss2014/programme#session3",
"refsource" : "MISC",
"url" : "http://www.internetsociety.org/ndss2014/programme#session3"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"name": "http://www.internetsociety.org/ndss2014/programme#session3",
"refsource": "MISC",
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
}
]
}
}

32
2014/1xxx/CVE-2014-1941.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1941",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1941",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

208
2014/4xxx/CVE-2014-4043.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4043",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1109263",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1109263"
},
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17048",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17048"
},
{
"name" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845"
},
{
"name" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845"
},
{
"name" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362"
},
{
"name" : "GLSA-201503-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201503-04"
},
{
"name" : "MDVSA-2014:152",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152"
},
{
"name" : "openSUSE-SU-2015:1387",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html"
},
{
"name" : "68006",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68006"
},
{
"name" : "gnuclibrary-cve20144043-code-exec(93784)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845",
"refsource": "CONFIRM",
"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845"
},
{
"name": "68006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68006"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17048",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17048"
},
{
"name": "gnuclibrary-cve20144043-code-exec(93784)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1109263",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109263"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362",
"refsource": "CONFIRM",
"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362"
},
{
"name": "GLSA-201503-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-04"
},
{
"name": "MDVSA-2014:152",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152"
},
{
"name": "openSUSE-SU-2015:1387",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845",
"refsource": "CONFIRM",
"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845"
}
]
}
}

118
2014/4xxx/CVE-2014-4593.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4593",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filter parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://codevigilant.com/disclosure/wp-plugin-wppm-a3-cross-site-scripting-xss",
"refsource" : "MISC",
"url" : "http://codevigilant.com/disclosure/wp-plugin-wppm-a3-cross-site-scripting-xss"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filter parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://codevigilant.com/disclosure/wp-plugin-wppm-a3-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-wppm-a3-cross-site-scripting-xss"
}
]
}
}

32
2014/4xxx/CVE-2014-4704.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4704",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4704",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

158
2014/5xxx/CVE-2014-5443.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5443",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140824 CVE-2014-5443: Seafile local horizontal privilege escalation vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/08/24/3"
},
{
"name" : "https://manual.seafile.com/changelog/changelog-for-seafile-professional-server.html",
"refsource" : "CONFIRM",
"url" : "https://manual.seafile.com/changelog/changelog-for-seafile-professional-server.html"
},
{
"name" : "https://manual.seafile.com/changelog/server-changelog.html",
"refsource" : "CONFIRM",
"url" : "https://manual.seafile.com/changelog/server-changelog.html"
},
{
"name" : "69360",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69360"
},
{
"name" : "seafile-cve20145443-priv-esc(95458)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95458"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "seafile-cve20145443-priv-esc(95458)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95458"
},
{
"name": "https://manual.seafile.com/changelog/changelog-for-seafile-professional-server.html",
"refsource": "CONFIRM",
"url": "https://manual.seafile.com/changelog/changelog-for-seafile-professional-server.html"
},
{
"name": "https://manual.seafile.com/changelog/server-changelog.html",
"refsource": "CONFIRM",
"url": "https://manual.seafile.com/changelog/server-changelog.html"
},
{
"name": "[oss-security] 20140824 CVE-2014-5443: Seafile local horizontal privilege escalation vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/08/24/3"
},
{
"name": "69360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69360"
}
]
}
}

138
2014/5xxx/CVE-2014-5694.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5694",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Scoutmob local deals & events (aka com.scoutmob.ile) application 3.0.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#182449",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/182449"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Scoutmob local deals & events (aka com.scoutmob.ile) application 3.0.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#182449",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/182449"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/5xxx/CVE-2014-5759.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5759",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Awesome Antivirus 2014 (aka com.yoursite.top5antivirus2014) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#862689",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/862689"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Awesome Antivirus 2014 (aka com.yoursite.top5antivirus2014) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#862689",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/862689"
}
]
}
}

138
2014/5xxx/CVE-2014-5927.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5927",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FastCustomer -- Fast Customer (aka www.fastcustomer.com) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#317705",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/317705"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FastCustomer -- Fast Customer (aka www.fastcustomer.com) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#317705",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/317705"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/5xxx/CVE-2014-5953.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5953",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The KASKUS (aka com.kaskus.android) application 2.13.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#618929",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/618929"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KASKUS (aka com.kaskus.android) application 2.13.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#618929",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/618929"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

158
2016/10xxx/CVE-2016-10249.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10249",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/"
},
{
"name" : "https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568",
"refsource" : "CONFIRM",
"url" : "https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568"
},
{
"name" : "DSA-3827",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3827"
},
{
"name" : "RHSA-2017:1208",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name" : "93838",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93838"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/"
},
{
"name": "https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568",
"refsource": "CONFIRM",
"url": "https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568"
},
{
"name": "RHSA-2017:1208",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name": "DSA-3827",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3827"
},
{
"name": "93838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93838"
}
]
}
}

138
2016/10xxx/CVE-2016-10337.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2016-10337",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Input Validation in TrustZone"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2016-10337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name" : "98874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98874"
},
{
"name" : "1038623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038623"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation in TrustZone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "98874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98874"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}

130
2016/10xxx/CVE-2016-10448.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2016-10448",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, a simultaneous command post for addSA or updateSA on same SA leads to memory corruption. APIs addSA and updateSA APIs access the global variable ipsec_sa_list[] outside of mutex protection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Time-of-check Time-of-use (TOCTOU) Race Condition in SEC."
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2016-10448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, a simultaneous command post for addSA or updateSA on same SA leads to memory corruption. APIs addSA and updateSA APIs access the global variable ipsec_sa_list[] outside of mutex protection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Time-of-check Time-of-use (TOCTOU) Race Condition in SEC."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

118
2016/10xxx/CVE-2016-10512.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://packetstormsecurity.com/files/139844/Multitech-RightFax-Faxfinder-Credential-Disclosure.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/139844/Multitech-RightFax-Faxfinder-Credential-Disclosure.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/139844/Multitech-RightFax-Faxfinder-Credential-Disclosure.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/139844/Multitech-RightFax-Faxfinder-Credential-Disclosure.html"
}
]
}
}

120
2016/10xxx/CVE-2016-10667.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10667",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "selenium-portal node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "selenium-portal node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/260",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/260"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/260",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/260"
}
]
}
}

138
2016/3xxx/CVE-2016-3006.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3006",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3003."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www-01.ibm.com/support/docview.wss?uid=swg21989067",
"refsource" : "CONFIRM",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=swg21989067"
},
{
"name" : "LO89962",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LO89962"
},
{
"name" : "93167",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93167"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3003."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "LO89962",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LO89962"
},
{
"name": "93167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93167"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21989067",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989067"
}
]
}
}

158
2016/3xxx/CVE-2016-3734.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3734",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160517 Moodle security release 3.0.4, 2.9.6, 2.8.12, 2.7.14",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/17/4"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1335933",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1335933"
},
{
"name" : "91281",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91281"
},
{
"name" : "1035902",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035902"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160517 Moodle security release 3.0.4, 2.9.6, 2.8.12, 2.7.14",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/17/4"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933"
},
{
"name": "1035902",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035902"
},
{
"name": "91281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91281"
}
]
}
}

118
2016/3xxx/CVE-2016-3771.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3771",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29007611 and MediaTek internal bug ALPS02703102."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29007611 and MediaTek internal bug ALPS02703102."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}

134
2016/8xxx/CVE-2016-8401.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-8401",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31494725."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-8401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
},
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name" : "94686",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94686"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31494725."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name": "94686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94686"
}
]
}
}

270
2016/8xxx/CVE-2016-8743.json
View File

@ -1,138 +1,138 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2016-12-20T00:00:00",
"ID" : "CVE-2016-8743",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache HTTP Server",
"version" : {
"version_data" : [
{
"version_value" : "2.2.0 to 2.2.31, 2.4.1 to 2.4.23"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Request Smuggling, Response Splitting"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2016-12-20T00:00:00",
"ID": "CVE-2016-8743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.2.0 to 2.2.31, 2.4.1 to 2.4.23"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743",
"refsource" : "CONFIRM",
"url" : "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743"
},
{
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us"
},
{
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us"
},
{
"name" : "https://www.tenable.com/security/tns-2017-04",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2017-04"
},
{
"name" : "https://support.apple.com/HT208221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208221"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180423-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180423-0001/"
},
{
"name" : "DSA-3796",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3796"
},
{
"name" : "GLSA-201701-36",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-36"
},
{
"name" : "RHSA-2017:0906",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0906"
},
{
"name" : "RHSA-2017:1161",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1161"
},
{
"name" : "RHSA-2017:1413",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name" : "RHSA-2017:1414",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"name" : "RHSA-2017:1415",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name" : "RHSA-2017:1721",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1721"
},
{
"name" : "95077",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95077"
},
{
"name" : "1037508",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037508"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Request Smuggling, Response Splitting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name": "DSA-3796",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3796"
},
{
"name": "RHSA-2017:1721",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1721"
},
{
"name": "1037508",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037508"
},
{
"name": "RHSA-2017:1413",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name": "RHSA-2017:1161",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
},
{
"name": "https://www.tenable.com/security/tns-2017-04",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name": "RHSA-2017:1414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us"
},
{
"name": "95077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95077"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us"
},
{
"name": "RHSA-2017:1415",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name": "RHSA-2017:0906",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0906"
},
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743"
},
{
"name": "GLSA-201701-36",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-36"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180423-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
}
]
}
}

148
2016/9xxx/CVE-2016-9642.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9642",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161126 Re: CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/11/26/4"
},
{
"name" : "GLSA-201706-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-15"
},
{
"name" : "94554",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94554"
},
{
"name" : "1038137",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038137"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038137",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038137"
},
{
"name": "[oss-security] 20161126 Re: CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/26/4"
},
{
"name": "GLSA-201706-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-15"
},
{
"name": "94554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94554"
}
]
}
}

32
2016/9xxx/CVE-2016-9791.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9791",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9791",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

258
2016/9xxx/CVE-2016-9933.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9933",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161212 CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/12/2"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "http://www.php.net/ChangeLog-7.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-7.php"
},
{
"name" : "https://bugs.php.net/bug.php?id=72696",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=72696"
},
{
"name" : "https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e",
"refsource" : "CONFIRM",
"url" : "https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e"
},
{
"name" : "https://github.com/libgd/libgd/issues/215",
"refsource" : "CONFIRM",
"url" : "https://github.com/libgd/libgd/issues/215"
},
{
"name" : "https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1",
"refsource" : "CONFIRM",
"url" : "https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1"
},
{
"name" : "DSA-3751",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3751"
},
{
"name" : "RHSA-2018:1296",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"name" : "openSUSE-SU-2016:3228",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html"
},
{
"name" : "openSUSE-SU-2016:3239",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html"
},
{
"name" : "openSUSE-SU-2017:0006",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html"
},
{
"name" : "openSUSE-SU-2017:0061",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html"
},
{
"name" : "openSUSE-SU-2017:0081",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html"
},
{
"name" : "94865",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94865"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161212 CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/12/2"
},
{
"name": "openSUSE-SU-2016:3228",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html"
},
{
"name": "openSUSE-SU-2017:0081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html"
},
{
"name": "http://www.php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "openSUSE-SU-2017:0006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html"
},
{
"name": "https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1"
},
{
"name": "DSA-3751",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3751"
},
{
"name": "94865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94865"
},
{
"name": "RHSA-2018:1296",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "https://bugs.php.net/bug.php?id=72696",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=72696"
},
{
"name": "openSUSE-SU-2017:0061",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html"
},
{
"name": "openSUSE-SU-2016:3239",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html"
},
{
"name": "https://github.com/libgd/libgd/issues/215",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/issues/215"
},
{
"name": "https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e"
}
]
}
}

32
2019/2xxx/CVE-2019-2568.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2568",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2568",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/2xxx/CVE-2019-2844.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2844",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2844",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/2xxx/CVE-2019-2858.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2858",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2858",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/2xxx/CVE-2019-2942.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2942",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2942",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/6xxx/CVE-2019-6354.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6354",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6354",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/6xxx/CVE-2019-6384.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6384",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6384",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/6xxx/CVE-2019-6754.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6754",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6754",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/6xxx/CVE-2019-6862.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6862",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6862",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2019/6xxx/CVE-2019-6986.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6986",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/kevinbackhouse/SecurityExploits/tree/0ec74459ac53685a7959ed58d580ef8abece3685/vivo-project",
"refsource" : "MISC",
"url" : "https://github.com/kevinbackhouse/SecurityExploits/tree/0ec74459ac53685a7959ed58d580ef8abece3685/vivo-project"
},
{
"name" : "https://github.com/vivo-project/Vitro/pull/111",
"refsource" : "MISC",
"url" : "https://github.com/vivo-project/Vitro/pull/111"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kevinbackhouse/SecurityExploits/tree/0ec74459ac53685a7959ed58d580ef8abece3685/vivo-project",
"refsource": "MISC",
"url": "https://github.com/kevinbackhouse/SecurityExploits/tree/0ec74459ac53685a7959ed58d580ef8abece3685/vivo-project"
},
{
"name": "https://github.com/vivo-project/Vitro/pull/111",
"refsource": "MISC",
"url": "https://github.com/vivo-project/Vitro/pull/111"
}
]
}
}