admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:26:24 +00:00
parent c54ea0ca13
commit 2e995436e5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3789 additions and 3789 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2006/1xxx/CVE-2006-1036.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1036",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the Oracle Diagnostics module 2.2 and earlier have unknown impact and attack vectors, related to \"permissions.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.integrigy.com/info/IntegrigySecurityAnalysis-OracleDiag0206.pdf",
"refsource" : "MISC",
"url" : "http://www.integrigy.com/info/IntegrigySecurityAnalysis-OracleDiag0206.pdf"
},
{
"name" : "16844",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16844"
},
{
"name" : "19076",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19076"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Oracle Diagnostics module 2.2 and earlier have unknown impact and attack vectors, related to \"permissions.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16844"
},
{
"name": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-OracleDiag0206.pdf",
"refsource": "MISC",
"url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-OracleDiag0206.pdf"
},
{
"name": "19076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19076"
}
]
}
}

190
2006/1xxx/CVE-2006-1447.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1447",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2006-05-11",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name" : "TA06-132A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name" : "17951",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17951"
},
{
"name" : "ADV-2006-1779",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name" : "25591",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25591"
},
{
"name" : "1016081",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016081"
},
{
"name" : "20077",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20077"
},
{
"name" : "macos-launchservices-security-bypass(26416)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26416"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "ADV-2006-1779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name": "1016081",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016081"
},
{
"name": "APPLE-SA-2006-05-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "25591",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25591"
},
{
"name": "20077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20077"
},
{
"name": "macos-launchservices-security-bypass(26416)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26416"
}
]
}
}

260
2006/1xxx/CVE-2006-1454.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1454",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file with malformed image data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/433831/100/0/threaded"
},
{
"name" : "APPLE-SA-2006-05-11",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html"
},
{
"name" : "APPLE-SA-2006-05-11",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name" : "TA06-132A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name" : "TA06-132B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-132B.html"
},
{
"name" : "17953",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17953"
},
{
"name" : "17951",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17951"
},
{
"name" : "ADV-2006-1778",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1778"
},
{
"name" : "ADV-2006-1779",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name" : "1016067",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016067"
},
{
"name" : "1016075",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016075"
},
{
"name" : "20069",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20069"
},
{
"name" : "20077",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20077"
},
{
"name" : "887",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/887"
},
{
"name" : "quicktime-pict-image-bo(26401)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26401"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file with malformed image data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "20069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20069"
},
{
"name": "ADV-2006-1779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name": "quicktime-pict-image-bo(26401)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26401"
},
{
"name": "APPLE-SA-2006-05-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html"
},
{
"name": "1016067",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016067"
},
{
"name": "TA06-132B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132B.html"
},
{
"name": "1016075",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016075"
},
{
"name": "APPLE-SA-2006-05-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "887",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/887"
},
{
"name": "17953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17953"
},
{
"name": "ADV-2006-1778",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1778"
},
{
"name": "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433831/100/0/threaded"
},
{
"name": "20077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20077"
}
]
}
}

140
2006/1xxx/CVE-2006-1621.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1621",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060402 Hosting Controller AccountActions.asp and saveuploadfiles.asp vulns (PoC)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429731/100/0/threaded"
},
{
"name" : "24772",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24772"
},
{
"name" : "hosting-controller-Saveupload-file-upload(25675)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25675"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "hosting-controller-Saveupload-file-upload(25675)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25675"
},
{
"name": "20060402 Hosting Controller AccountActions.asp and saveuploadfiles.asp vulns (PoC)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429731/100/0/threaded"
},
{
"name": "24772",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24772"
}
]
}
}

150
2006/5xxx/CVE-2006-5081.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5081",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060925 QB ( QuickBlogger ) =>1.4 Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447003/100/0/threaded"
},
{
"name" : "1016934",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016934"
},
{
"name" : "1651",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1651"
},
{
"name" : "quickblogger-acc-file-include(29173)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29173"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060925 QB ( QuickBlogger ) =>1.4 Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447003/100/0/threaded"
},
{
"name": "1016934",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016934"
},
{
"name": "1651",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1651"
},
{
"name": "quickblogger-acc-file-include(29173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29173"
}
]
}
}

150
2006/5xxx/CVE-2006-5676.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5676",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in consult/classement.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the champ parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2661",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2661"
},
{
"name" : "ADV-2006-4225",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4225"
},
{
"name" : "21789",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21789"
},
{
"name" : "phpleague-classement-sql-injection(29867)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29867"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in consult/classement.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the champ parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2661",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2661"
},
{
"name": "ADV-2006-4225",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4225"
},
{
"name": "phpleague-classement-sql-injection(29867)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29867"
},
{
"name": "21789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21789"
}
]
}
}

180
2006/5xxx/CVE-2006-5889.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.craigheffner.com/security/exploits/brewblogger1.3.1.txt",
"refsource" : "MISC",
"url" : "http://www.craigheffner.com/security/exploits/brewblogger1.3.1.txt"
},
{
"name" : "2751",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2751"
},
{
"name" : "https://sourceforge.net/project/shownotes.php?release_id=463357&group_id=165855",
"refsource" : "MISC",
"url" : "https://sourceforge.net/project/shownotes.php?release_id=463357&group_id=165855"
},
{
"name" : "21026",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21026"
},
{
"name" : "ADV-2006-4467",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4467"
},
{
"name" : "22810",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22810"
},
{
"name" : "brewblogger-printlog-sql-injection(30200)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30200"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22810"
},
{
"name": "2751",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2751"
},
{
"name": "21026",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21026"
},
{
"name": "https://sourceforge.net/project/shownotes.php?release_id=463357&group_id=165855",
"refsource": "MISC",
"url": "https://sourceforge.net/project/shownotes.php?release_id=463357&group_id=165855"
},
{
"name": "brewblogger-printlog-sql-injection(30200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30200"
},
{
"name": "ADV-2006-4467",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4467"
},
{
"name": "http://www.craigheffner.com/security/exploits/brewblogger1.3.1.txt",
"refsource": "MISC",
"url": "http://www.craigheffner.com/security/exploits/brewblogger1.3.1.txt"
}
]
}
}

170
2007/2xxx/CVE-2007-2334.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2334",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null",
"refsource" : "CONFIRM",
"url" : "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null"
},
{
"name" : "23562",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23562"
},
{
"name" : "ADV-2007-1464",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1464"
},
{
"name" : "35056",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35056"
},
{
"name" : "1017943",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017943"
},
{
"name" : "24962",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24962"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017943",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017943"
},
{
"name": "23562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23562"
},
{
"name": "24962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24962"
},
{
"name": "35056",
"refsource": "OSVDB",
"url": "http://osvdb.org/35056"
},
{
"name": "ADV-2007-1464",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1464"
},
{
"name": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null",
"refsource": "CONFIRM",
"url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null"
}
]
}
}

150
2007/2xxx/CVE-2007-2742.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2742",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 Beta4 allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as .php.jpg."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070514 ImI image file inclusion in script upload",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=117924253030935&w=2"
},
{
"name" : "23975",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23975"
},
{
"name" : "36830",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36830"
},
{
"name" : "w2box-doubleextension-file-upload(34302)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34302"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 Beta4 allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as .php.jpg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "w2box-doubleextension-file-upload(34302)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34302"
},
{
"name": "20070514 ImI image file inclusion in script upload",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=117924253030935&w=2"
},
{
"name": "23975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23975"
},
{
"name": "36830",
"refsource": "OSVDB",
"url": "http://osvdb.org/36830"
}
]
}
}

140
2007/2xxx/CVE-2007-2911.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2911",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the \"Attached After\" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vbulletin.com/forum/project.php?issueid=21615",
"refsource" : "CONFIRM",
"url" : "http://www.vbulletin.com/forum/project.php?issueid=21615"
},
{
"name" : "38147",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38147"
},
{
"name" : "vbulletin-attachedafter-sql-injection(34784)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34784"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the \"Attached After\" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vbulletin.com/forum/project.php?issueid=21615",
"refsource": "CONFIRM",
"url": "http://www.vbulletin.com/forum/project.php?issueid=21615"
},
{
"name": "vbulletin-attachedafter-sql-injection(34784)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34784"
},
{
"name": "38147",
"refsource": "OSVDB",
"url": "http://osvdb.org/38147"
}
]
}
}

180
2007/6xxx/CVE-2007-6515.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6515",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071220 SiteScape Forum TCL injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485398/100/0/threaded"
},
{
"name" : "15987",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15987"
},
{
"name" : "26963",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26963"
},
{
"name" : "39875",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39875"
},
{
"name" : "28182",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28182"
},
{
"name" : "3480",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3480"
},
{
"name" : "sitescape-http-request-command-execution(39182)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39182"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sitescape-http-request-command-execution(39182)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39182"
},
{
"name": "28182",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28182"
},
{
"name": "20071220 SiteScape Forum TCL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485398/100/0/threaded"
},
{
"name": "39875",
"refsource": "OSVDB",
"url": "http://osvdb.org/39875"
},
{
"name": "15987",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15987"
},
{
"name": "3480",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3480"
},
{
"name": "26963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26963"
}
]
}
}

180
2010/0xxx/CVE-2010-0114.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0114",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-291/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-291/"
},
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101215_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101215_00"
},
{
"name" : "45372",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45372"
},
{
"name" : "1024900",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024900"
},
{
"name" : "42643",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42643"
},
{
"name" : "ADV-2010-3252",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3252"
},
{
"name" : "symantec-endpoint-fwcharts-code-execution(64118)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64118"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024900",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024900"
},
{
"name": "symantec-endpoint-fwcharts-code-execution(64118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64118"
},
{
"name": "45372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45372"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101215_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101215_00"
},
{
"name": "ADV-2010-3252",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3252"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-291/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-291/"
},
{
"name": "42643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42643"
}
]
}
}

150
2010/0xxx/CVE-2010-0126.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0126",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in an unspecified library in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted compound file, as demonstrated using a Quattro Pro file, which is not properly handled by the Quattro speed reader (qpssr.dll)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-0126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2010-16/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-16/"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21440812",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"
},
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"
},
{
"name" : "41928",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41928"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in an unspecified library in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted compound file, as demonstrated using a Quattro Pro file, which is not properly handled by the Quattro speed reader (qpssr.dll)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"
},
{
"name": "http://secunia.com/secunia_research/2010-16/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-16/"
},
{
"name": "41928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41928"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"
}
]
}
}

120
2010/0xxx/CVE-2010-0836.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0836",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}

150
2010/0xxx/CVE-2010-0950.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0950",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100305 SQL injection vulnerability in Natychmiast CMS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/509890/100/0/threaded"
},
{
"name" : "http://www.packetstormsecurity.com/1003-exploits/natychmiast-sqlxss.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.com/1003-exploits/natychmiast-sqlxss.txt"
},
{
"name" : "38561",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38561"
},
{
"name" : "natychmiast-index-sql-injection(56725)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56725"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100305 SQL injection vulnerability in Natychmiast CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509890/100/0/threaded"
},
{
"name": "http://www.packetstormsecurity.com/1003-exploits/natychmiast-sqlxss.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1003-exploits/natychmiast-sqlxss.txt"
},
{
"name": "natychmiast-index-sql-injection(56725)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56725"
},
{
"name": "38561",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38561"
}
]
}
}

200
2010/1xxx/CVE-2010-1149.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1149",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576687",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576687"
},
{
"name" : "http://cgit.freedesktop.org/udisks/commit/?id=0fcc7cb3b66f23fac53ae08647aa0007a2bd56c4",
"refsource" : "CONFIRM",
"url" : "http://cgit.freedesktop.org/udisks/commit/?id=0fcc7cb3b66f23fac53ae08647aa0007a2bd56c4"
},
{
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=27494",
"refsource" : "CONFIRM",
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=27494"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=594261",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=594261"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=580005",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=580005"
},
{
"name" : "https://launchpad.net/bugs/556651",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/bugs/556651"
},
{
"name" : "FEDORA-2010-6296",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039060.html"
},
{
"name" : "39265",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39265"
},
{
"name" : "39332",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39332"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-6296",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039060.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=594261",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=594261"
},
{
"name": "https://launchpad.net/bugs/556651",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/556651"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=27494",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=27494"
},
{
"name": "39332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39332"
},
{
"name": "39265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39265"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=580005",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=580005"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576687",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576687"
},
{
"name": "http://cgit.freedesktop.org/udisks/commit/?id=0fcc7cb3b66f23fac53ae08647aa0007a2bd56c4",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/udisks/commit/?id=0fcc7cb3b66f23fac53ae08647aa0007a2bd56c4"
}
]
}
}

140
2010/1xxx/CVE-2010-1463.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1463",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the (1) add2cart, (2) c_id, (3) categoryID, (4) list_price, (5) name, (6) new_offer, (7) price, (8) product_code, (9) productID, (10) rating, and (11) save_product parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100414 VUPEN Web Security Research - WebAsyst Shop-Script Multiple Input Validation Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510741/100/0/threaded"
},
{
"name" : "http://www.vupen.com/english/research-web.php",
"refsource" : "MISC",
"url" : "http://www.vupen.com/english/research-web.php"
},
{
"name" : "ADV-2010-0882",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0882"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the (1) add2cart, (2) c_id, (3) categoryID, (4) list_price, (5) name, (6) new_offer, (7) price, (8) product_code, (9) productID, (10) rating, and (11) save_product parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100414 VUPEN Web Security Research - WebAsyst Shop-Script Multiple Input Validation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510741/100/0/threaded"
},
{
"name": "ADV-2010-0882",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0882"
},
{
"name": "http://www.vupen.com/english/research-web.php",
"refsource": "MISC",
"url": "http://www.vupen.com/english/research-web.php"
}
]
}
}

160
2010/1xxx/CVE-2010-1516.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1516",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to execute arbitrary code via (1) a crafted PNG file, related to the getPNG function in lib/png.c; or (2) a crafted JPEG file, related to the jpeg_load function in lib/jpeg.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-1516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100813 Secunia Research: SWFTools Two Integer Overflow Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513102/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2010-80/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-80/"
},
{
"name" : "GLSA-201204-05",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201204-05.xml"
},
{
"name" : "39970",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39970"
},
{
"name" : "48821",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48821"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to execute arbitrary code via (1) a crafted PNG file, related to the getPNG function in lib/png.c; or (2) a crafted JPEG file, related to the jpeg_load function in lib/jpeg.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39970"
},
{
"name": "http://secunia.com/secunia_research/2010-80/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-80/"
},
{
"name": "GLSA-201204-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201204-05.xml"
},
{
"name": "48821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48821"
},
{
"name": "20100813 Secunia Research: SWFTools Two Integer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513102/100/0/threaded"
}
]
}
}

150
2010/1xxx/CVE-2010-1538.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1538",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1002-exploits/phpraincheck-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1002-exploits/phpraincheck-sql.txt"
},
{
"name" : "11586",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11586"
},
{
"name" : "38521",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38521"
},
{
"name" : "phpraincheck-printraincheck-sql-injection(56578)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56578"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11586",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11586"
},
{
"name": "http://packetstormsecurity.org/1002-exploits/phpraincheck-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1002-exploits/phpraincheck-sql.txt"
},
{
"name": "phpraincheck-printraincheck-sql-injection(56578)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56578"
},
{
"name": "38521",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38521"
}
]
}
}

150
2010/1xxx/CVE-2010-1602.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1602",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1004-exploits/joomlazimbcomment-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/joomlazimbcomment-lfi.txt"
},
{
"name" : "12283",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12283"
},
{
"name" : "39548",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39548"
},
{
"name" : "ADV-2010-0932",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0932"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39548"
},
{
"name": "ADV-2010-0932",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0932"
},
{
"name": "12283",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12283"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlazimbcomment-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlazimbcomment-lfi.txt"
}
]
}
}

140
2010/4xxx/CVE-2010-4023.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4023",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-4023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02603",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=128811282526943&w=2"
},
{
"name" : "SSRT100319",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=128811282526943&w=2"
},
{
"name" : "1024642",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024642"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMA02603",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128811282526943&w=2"
},
{
"name": "1024642",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024642"
},
{
"name": "SSRT100319",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128811282526943&w=2"
}
]
}
}

160
2010/4xxx/CVE-2010-4677.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4677",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf"
},
{
"name" : "45767",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45767"
},
{
"name" : "1024963",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024963"
},
{
"name" : "42931",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42931"
},
{
"name" : "asa-emweb-dos(64603)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64603"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024963",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024963"
},
{
"name": "asa-emweb-dos(64603)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64603"
},
{
"name": "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf"
},
{
"name": "45767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45767"
},
{
"name": "42931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42931"
}
]
}
}

200
2010/5xxx/CVE-2010-5101.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the \"file inclusion functionality.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name" : "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name" : "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"name" : "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name" : "45470",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45470"
},
{
"name" : "70119",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/70119"
},
{
"name" : "35770",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35770"
},
{
"name" : "typo3-unspecified-file-include(64180)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the \"file inclusion functionality.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "70119",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70119"
},
{
"name": "45470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "typo3-unspecified-file-include(64180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
},
{
"name": "35770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
]
}
}

200
2010/5xxx/CVE-2010-5152.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5152",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
"refsource" : "MISC",
"url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource" : "MISC",
"url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource" : "MISC",
"url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name" : "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource" : "MISC",
"url" : "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource" : "MISC",
"url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name" : "39924",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39924"
},
{
"name" : "67660",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/67660"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
"refsource": "MISC",
"url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name": "39924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39924"
},
{
"name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name": "67660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/67660"
},
{
"name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name": "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource": "MISC",
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
]
}
}

160
2014/0xxx/CVE-2014-0055.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062577",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062577"
},
{
"name" : "RHSA-2014:0328",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0328.html"
},
{
"name" : "RHSA-2014:0339",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0339.html"
},
{
"name" : "66441",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66441"
},
{
"name" : "59386",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59386"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0328",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0328.html"
},
{
"name": "59386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59386"
},
{
"name": "66441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66441"
},
{
"name": "RHSA-2014:0339",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0339.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1062577",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062577"
}
]
}
}

190
2014/0xxx/CVE-2014-0406.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "DSA-2878",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2878"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64905",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64905"
},
{
"name" : "102060",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102060"
},
{
"name" : "1029610",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029610"
},
{
"name" : "56490",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56490"
},
{
"name" : "oracle-cpujan2014-cve20140406(90371)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90371"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-cpujan2014-cve20140406(90371)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90371"
},
{
"name": "56490",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56490"
},
{
"name": "102060",
"refsource": "OSVDB",
"url": "http://osvdb.org/102060"
},
{
"name": "64905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64905"
},
{
"name": "DSA-2878",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2878"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "1029610",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029610"
}
]
}
}

130
2014/10xxx/CVE-2014-10028.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-10028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141129 CSRF and XSS vulnerabilities in D-Link DAP-1360",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Nov/100"
},
{
"name" : "http://websecurity.com.ua/7215/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/7215/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websecurity.com.ua/7215/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/7215/"
},
{
"name": "20141129 CSRF and XSS vulnerabilities in D-Link DAP-1360",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/100"
}
]
}
}

140
2014/1xxx/CVE-2014-1351.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2014-06-30-3",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name" : "68276",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68276"
},
{
"name" : "1030500",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030500"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68276"
},
{
"name": "APPLE-SA-2014-06-30-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name": "1030500",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030500"
}
]
}
}

130
2014/1xxx/CVE-2014-1458.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1458",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fortiguard.com/advisory/FG-IR-14-001/",
"refsource" : "CONFIRM",
"url" : "http://www.fortiguard.com/advisory/FG-IR-14-001/"
},
{
"name" : "fortiweb-cve20141458-xss(90978)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90978"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortiguard.com/advisory/FG-IR-14-001/",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/FG-IR-14-001/"
},
{
"name": "fortiweb-cve20141458-xss(90978)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90978"
}
]
}
}

34
2014/1xxx/CVE-2014-1864.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1864",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1864",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2014/4xxx/CVE-2014-4233.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name" : "SUSE-SU-2014:1072",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html"
},
{
"name" : "68598",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68598"
},
{
"name" : "1030578",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030578"
},
{
"name" : "60425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60425"
},
{
"name" : "oracle-cpujul2014-cve20144233(94625)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94625"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-cpujul2014-cve20144233(94625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94625"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "1030578",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030578"
},
{
"name": "SUSE-SU-2014:1072",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "60425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60425"
},
{
"name": "68598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68598"
}
]
}
}

34
2014/4xxx/CVE-2014-4523.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4523",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4523",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2014/4xxx/CVE-2014-4555.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in fonts/font-form.php in the Style It plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://codevigilant.com/disclosure/wp-plugin-style-it-a3-cross-site-scripting-xss",
"refsource" : "MISC",
"url" : "http://codevigilant.com/disclosure/wp-plugin-style-it-a3-cross-site-scripting-xss"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in fonts/font-form.php in the Style It plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://codevigilant.com/disclosure/wp-plugin-style-it-a3-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-style-it-a3-cross-site-scripting-xss"
}
]
}
}

130
2014/4xxx/CVE-2014-4856.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4856",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://wordpress.org/plugins/polldaddy/changelog",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/plugins/polldaddy/changelog"
},
{
"name" : "59323",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59323"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59323"
},
{
"name": "http://wordpress.org/plugins/polldaddy/changelog",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/polldaddy/changelog"
}
]
}
}

34
2014/4xxx/CVE-2014-4924.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4924",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4924",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

250
2014/9xxx/CVE-2014-9658.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/google-security-research/issues/detail?id=194",
"refsource" : "MISC",
"url" : "http://code.google.com/p/google-security-research/issues/detail?id=194"
},
{
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c"
},
{
"name" : "http://advisories.mageia.org/MGASA-2015-0083.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2015-0083.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "DSA-3188",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3188"
},
{
"name" : "FEDORA-2015-2216",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html"
},
{
"name" : "FEDORA-2015-2237",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html"
},
{
"name" : "GLSA-201503-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201503-05"
},
{
"name" : "MDVSA-2015:055",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055"
},
{
"name" : "RHSA-2015:0696",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0696.html"
},
{
"name" : "openSUSE-SU-2015:0627",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html"
},
{
"name" : "USN-2510-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2510-1"
},
{
"name" : "USN-2739-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2739-1"
},
{
"name" : "72986",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3188",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3188"
},
{
"name": "GLSA-201503-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-05"
},
{
"name": "72986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72986"
},
{
"name": "USN-2739-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2739-1"
},
{
"name": "openSUSE-SU-2015:0627",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0083.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0083.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "RHSA-2015:0696",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0696.html"
},
{
"name": "http://code.google.com/p/google-security-research/issues/detail?id=194",
"refsource": "MISC",
"url": "http://code.google.com/p/google-security-research/issues/detail?id=194"
},
{
"name": "FEDORA-2015-2216",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html"
},
{
"name": "MDVSA-2015:055",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055"
},
{
"name": "USN-2510-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2510-1"
},
{
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c"
},
{
"name": "FEDORA-2015-2237",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html"
}
]
}
}

34
2016/3xxx/CVE-2016-3058.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3058",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3058",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2016/3xxx/CVE-2016-3319.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3319",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka \"Microsoft PDF Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-096",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-096"
},
{
"name" : "MS16-102",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-102"
},
{
"name" : "92293",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92293"
},
{
"name" : "1036561",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036561"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka \"Microsoft PDF Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036561",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036561"
},
{
"name": "92293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92293"
},
{
"name": "MS16-096",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-096"
},
{
"name": "MS16-102",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-102"
}
]
}
}

350
2016/3xxx/CVE-2016-3443.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3443",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-376",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-376"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20160420-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20160420-0001/"
},
{
"name" : "GLSA-201606-18",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201606-18"
},
{
"name" : "RHSA-2016:0701",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
},
{
"name" : "RHSA-2016:0702",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
},
{
"name" : "RHSA-2016:0708",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
},
{
"name" : "RHSA-2016:0716",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
},
{
"name" : "RHSA-2016:1430",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"name" : "RHSA-2016:1039",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
},
{
"name" : "RHSA-2016:0677",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
},
{
"name" : "RHSA-2016:0678",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
},
{
"name" : "RHSA-2016:0679",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
},
{
"name" : "RHSA-2017:1216",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"name" : "SUSE-SU-2016:1299",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
},
{
"name" : "SUSE-SU-2016:1300",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
},
{
"name" : "SUSE-SU-2016:1303",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
},
{
"name" : "SUSE-SU-2016:1378",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
},
{
"name" : "SUSE-SU-2016:1379",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
},
{
"name" : "SUSE-SU-2016:1388",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
},
{
"name" : "SUSE-SU-2016:1458",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
},
{
"name" : "SUSE-SU-2016:1475",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
},
{
"name" : "86482",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/86482"
},
{
"name" : "1035596",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035596"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0677",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
},
{
"name": "SUSE-SU-2016:1299",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
},
{
"name": "RHSA-2016:1039",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
},
{
"name": "RHSA-2016:0701",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
},
{
"name": "SUSE-SU-2016:1303",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
},
{
"name": "SUSE-SU-2016:1475",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
},
{
"name": "SUSE-SU-2016:1300",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
},
{
"name": "RHSA-2016:1430",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"name": "https://security.netapp.com/advisory/ntap-20160420-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
},
{
"name": "RHSA-2016:0708",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
},
{
"name": "SUSE-SU-2016:1378",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
},
{
"name": "SUSE-SU-2016:1379",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
},
{
"name": "86482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/86482"
},
{
"name": "SUSE-SU-2016:1458",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-376",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-376"
},
{
"name": "GLSA-201606-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-18"
},
{
"name": "RHSA-2016:0716",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
},
{
"name": "1035596",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035596"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "SUSE-SU-2016:1388",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
},
{
"name": "RHSA-2016:0702",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
},
{
"name": "RHSA-2016:0679",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
},
{
"name": "RHSA-2017:1216",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"name": "RHSA-2016:0678",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
}
]
}
}

120
2016/3xxx/CVE-2016-3702.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3702",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1330179",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1330179"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1330179",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330179"
}
]
}
}

120
2016/3xxx/CVE-2016-3857.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3857",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-08-01.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
}
]
}
}

140
2016/3xxx/CVE-2016-3979.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3979",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160624 [ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Jun/55"
},
{
"name" : "https://erpscan.io/advisories/erpscan-16-017-sap-java-icman-dos/",
"refsource" : "MISC",
"url" : "https://erpscan.io/advisories/erpscan-16-017-sap-java-icman-dos/"
},
{
"name" : "http://packetstormsecurity.com/files/137589/SAP-NetWeaver-AS-JAVA-7.4-icman-Denial-Of-Service.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/137589/SAP-NetWeaver-AS-JAVA-7.4-icman-Denial-Of-Service.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/137589/SAP-NetWeaver-AS-JAVA-7.4-icman-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137589/SAP-NetWeaver-AS-JAVA-7.4-icman-Denial-Of-Service.html"
},
{
"name": "https://erpscan.io/advisories/erpscan-16-017-sap-java-icman-dos/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-16-017-sap-java-icman-dos/"
},
{
"name": "20160624 [ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jun/55"
}
]
}
}

150
2016/6xxx/CVE-2016-6616.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6616",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in phpMyAdmin. In the \"User group\" and \"Designer\" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"
},
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-39",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-39"
},
{
"name" : "GLSA-201701-32",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-32"
},
{
"name" : "95042",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95042"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in phpMyAdmin. In the \"User group\" and \"Designer\" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95042"
},
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-39",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-39"
},
{
"name": "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-32"
}
]
}
}

170
2016/7xxx/CVE-2016-7177.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7177",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12750",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12750"
},
{
"name" : "https://code.wireshark.org/review/17096",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/17096"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2e37b271c473e1cbd01d62ebe1f3b011fc9fe638",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2e37b271c473e1cbd01d62ebe1f3b011fc9fe638"
},
{
"name" : "https://www.wireshark.org/security/wnpa-sec-2016-52.html",
"refsource" : "CONFIRM",
"url" : "https://www.wireshark.org/security/wnpa-sec-2016-52.html"
},
{
"name" : "DSA-3671",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3671"
},
{
"name" : "1036760",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2016-52.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/security/wnpa-sec-2016-52.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12750",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12750"
},
{
"name": "https://code.wireshark.org/review/17096",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/17096"
},
{
"name": "1036760",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036760"
},
{
"name": "DSA-3671",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3671"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2e37b271c473e1cbd01d62ebe1f3b011fc9fe638",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2e37b271c473e1cbd01d62ebe1f3b011fc9fe638"
}
]
}
}

150
2016/7xxx/CVE-2016-7191.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/AzureAD/passport-azure-ad/blob/master/SECURITY-NOTICE.MD",
"refsource" : "CONFIRM",
"url" : "https://github.com/AzureAD/passport-azure-ad/blob/master/SECURITY-NOTICE.MD"
},
{
"name" : "3187742",
"refsource" : "MSKB",
"url" : "https://support.microsoft.com/kb/3187742"
},
{
"name" : "93213",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93213"
},
{
"name" : "1036996",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036996"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/AzureAD/passport-azure-ad/blob/master/SECURITY-NOTICE.MD",
"refsource": "CONFIRM",
"url": "https://github.com/AzureAD/passport-azure-ad/blob/master/SECURITY-NOTICE.MD"
},
{
"name": "1036996",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036996"
},
{
"name": "3187742",
"refsource": "MSKB",
"url": "https://support.microsoft.com/kb/3187742"
},
{
"name": "93213",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93213"
}
]
}
}

152
2016/8xxx/CVE-2016-8312.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2016-8312",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Private Banking",
"version" : {
"version_data" : [
{
"version_value" : "2.0.1"
},
{
"version_value" : "2.2.0"
},
{
"version_value" : "12.0.1"
}
]
}
}
]
},
"vendor_name" : "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Private Banking",
"version": {
"version_data": [
{
"version_value": "2.0.1"
},
{
"version_value": "2.2.0"
},
{
"version_value": "12.0.1"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name" : "95469",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95469"
},
{
"name" : "1037636",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037636"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95469",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95469"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}

130
2016/8xxx/CVE-2016-8475.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-8475",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32591129."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-8475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name" : "95244",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95244"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32591129."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "95244",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95244"
}
]
}
}

150
2016/8xxx/CVE-2016-8564.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8564",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
},
{
"name" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"name" : "93553",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93553"
},
{
"name" : "1037011",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037011"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02"
},
{
"name": "1037011",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037011"
},
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf"
},
{
"name": "93553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93553"
}
]
}
}

130
2016/8xxx/CVE-2016-8566.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-8566",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Siemens SICAM PAS before 8.00",
"version" : {
"version_data" : [
{
"version_value" : "Siemens SICAM PAS before 8.00"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Siemens SICAM PAS Storing Passwords in a Recoverable Format"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-8566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Siemens SICAM PAS before 8.00",
"version": {
"version_data": [
{
"version_value": "Siemens SICAM PAS before 8.00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-01"
},
{
"name" : "94552",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Siemens SICAM PAS Storing Passwords in a Recoverable Format"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94552"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-01"
}
]
}
}

130
2016/9xxx/CVE-2016-9197.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-9197",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Shell Bypass Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-9197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers",
"version": {
"version_data": [
{
"version_value": "Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme"
},
{
"name" : "97469",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Shell Bypass Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme"
},
{
"name": "97469",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97469"
}
]
}
}