admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:55:17 +00:00
parent be7d2177cd
commit 375b68226f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 3550 additions and 3550 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2006/0xxx/CVE-2006-0066.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0066",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbitrary SQL commands via the readold parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060101 [eVuln] PHPjournaler SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420666/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/9/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/9/summary.html"
},
{
"name" : "16111",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16111"
},
{
"name" : "ADV-2006-0006",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0006"
},
{
"name" : "22149",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22149"
},
{
"name" : "18265",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18265"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbitrary SQL commands via the readold parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16111"
},
{
"name": "ADV-2006-0006",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0006"
},
{
"name": "20060101 [eVuln] PHPjournaler SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420666/100/0/threaded"
},
{
"name": "22149",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22149"
},
{
"name": "18265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18265"
},
{
"name": "http://evuln.com/vulns/9/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/9/summary.html"
}
]
}
}

160
2006/0xxx/CVE-2006-0176.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0176",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060110 mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421849/100/0/threaded"
},
{
"name" : "20060110 mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation.",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0353.html"
},
{
"name" : "http://x.mame.net/changes-unix.html",
"refsource" : "CONFIRM",
"url" : "http://x.mame.net/changes-unix.html"
},
{
"name" : "16203",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16203"
},
{
"name" : "xmame-multiple-parameters-bo(24102)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24102"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://x.mame.net/changes-unix.html",
"refsource": "CONFIRM",
"url": "http://x.mame.net/changes-unix.html"
},
{
"name": "20060110 mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421849/100/0/threaded"
},
{
"name": "xmame-multiple-parameters-bo(24102)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24102"
},
{
"name": "20060110 mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation.",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0353.html"
},
{
"name": "16203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16203"
}
]
}
}

180
2006/0xxx/CVE-2006-0370.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0370",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060120 [eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422499/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/42/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/42/summary.html"
},
{
"name" : "http://www.fluffington.com/index.php?page=rcblog",
"refsource" : "MISC",
"url" : "http://www.fluffington.com/index.php?page=rcblog"
},
{
"name" : "22679",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22679"
},
{
"name" : "1015523",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015523"
},
{
"name" : "18547",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18547"
},
{
"name" : "rcblog-data-config-insecure-directories(24249)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24249"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22679",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22679"
},
{
"name": "20060120 [eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422499/100/0/threaded"
},
{
"name": "1015523",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015523"
},
{
"name": "18547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18547"
},
{
"name": "http://evuln.com/vulns/42/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/42/summary.html"
},
{
"name": "http://www.fluffington.com/index.php?page=rcblog",
"refsource": "MISC",
"url": "http://www.fluffington.com/index.php?page=rcblog"
},
{
"name": "rcblog-data-config-insecure-directories(24249)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24249"
}
]
}
}

160
2006/1xxx/CVE-2006-1288.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1288",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://forums.invisionpower.com/index.php?showtopic=204627",
"refsource" : "CONFIRM",
"url" : "http://forums.invisionpower.com/index.php?showtopic=204627"
},
{
"name" : "http://forums.invisionpower.com/index.php?act=Attach&type=post&id=9642",
"refsource" : "CONFIRM",
"url" : "http://forums.invisionpower.com/index.php?act=Attach&type=post&id=9642"
},
{
"name" : "ADV-2006-0861",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0861"
},
{
"name" : "19141",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19141"
},
{
"name" : "invision-multiple-sql-injection(25100)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25100"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.invisionpower.com/index.php?showtopic=204627",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=204627"
},
{
"name": "http://forums.invisionpower.com/index.php?act=Attach&type=post&id=9642",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?act=Attach&type=post&id=9642"
},
{
"name": "19141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19141"
},
{
"name": "ADV-2006-0861",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0861"
},
{
"name": "invision-multiple-sql-injection(25100)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25100"
}
]
}
}

220
2006/1xxx/CVE-2006-1778.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1778",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060412 Simplog <=0.9.2 multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name" : "1663",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1663"
},
{
"name" : "http://retrogod.altervista.org/simplog_092_incl_xpl.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name" : "17491",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17491"
},
{
"name" : "ADV-2006-1332",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name" : "24560",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24560"
},
{
"name" : "24561",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24561"
},
{
"name" : "1015904",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015904"
},
{
"name" : "19628",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19628"
},
{
"name" : "702",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/702"
},
{
"name" : "simplog-index-archive-sql-injection(25776)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25776"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19628"
},
{
"name": "simplog-index-archive-sql-injection(25776)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25776"
},
{
"name": "1015904",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015904"
},
{
"name": "1663",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "20060412 Simplog <=0.9.2 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "24560",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24560"
},
{
"name": "17491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17491"
},
{
"name": "702",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/702"
},
{
"name": "http://retrogod.altervista.org/simplog_092_incl_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "24561",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24561"
},
{
"name": "ADV-2006-1332",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1332"
}
]
}
}

200
2006/1xxx/CVE-2006-1827.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1827",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory",
"refsource" : "MISC",
"url" : "http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory"
},
{
"name" : "http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz",
"refsource" : "CONFIRM",
"url" : "http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz"
},
{
"name" : "DSA-1048",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1048"
},
{
"name" : "SUSE-SR:2006:009",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_04_28.html"
},
{
"name" : "17561",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17561"
},
{
"name" : "ADV-2006-1478",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1478"
},
{
"name" : "19800",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19800"
},
{
"name" : "19872",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19872"
},
{
"name" : "19897",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19897"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19872"
},
{
"name": "ADV-2006-1478",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1478"
},
{
"name": "http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory",
"refsource": "MISC",
"url": "http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory"
},
{
"name": "DSA-1048",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1048"
},
{
"name": "17561",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17561"
},
{
"name": "http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz"
},
{
"name": "19800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19800"
},
{
"name": "19897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
]
}
}

34
2006/4xxx/CVE-2006-4690.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4690",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-4690",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}

160
2006/4xxx/CVE-2006-4767.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4767",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5beta allow remote attackers to (1) read arbitrary local files via a .. (dot dot) sequence in the ide parameter in modify.php and (2) write to arbitrary local files via a .. sequence in the var parameter in add_go.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "84154",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84154"
},
{
"name" : "ADV-2006-3558",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3558"
},
{
"name" : "28812",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28812"
},
{
"name" : "21826",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21826"
},
{
"name" : "newsscript-modify-information-disclosure(28894)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28894"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5beta allow remote attackers to (1) read arbitrary local files via a .. (dot dot) sequence in the ide parameter in modify.php and (2) write to arbitrary local files via a .. sequence in the var parameter in add_go.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28812",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28812"
},
{
"name": "84154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84154"
},
{
"name": "21826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21826"
},
{
"name": "newsscript-modify-information-disclosure(28894)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28894"
},
{
"name": "ADV-2006-3558",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3558"
}
]
}
}

210
2006/5xxx/CVE-2006-5403.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5403",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html",
"refsource" : "CONFIRM",
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
},
{
"name" : "VU#400601",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/400601"
},
{
"name" : "20348",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20348"
},
{
"name" : "ADV-2006-3929",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3929"
},
{
"name" : "1016988",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016988"
},
{
"name" : "1016989",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016989"
},
{
"name" : "1016990",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016990"
},
{
"name" : "1016991",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016991"
},
{
"name" : "22228",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22228"
},
{
"name" : "symantec-support-tool-activex-bo(29363)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016988",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016988"
},
{
"name": "1016991",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016991"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
},
{
"name": "1016989",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016989"
},
{
"name": "ADV-2006-3929",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3929"
},
{
"name": "VU#400601",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/400601"
},
{
"name": "symantec-support-tool-activex-bo(29363)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
},
{
"name": "22228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22228"
},
{
"name": "1016990",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016990"
},
{
"name": "20348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20348"
}
]
}
}

150
2006/5xxx/CVE-2006-5549.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5549",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in libraries/amfphp/amf-core/custom/CachedGateway.php in Adobe PHP SDK allows remote attackers to execute arbitrary PHP code via the AMFPHP_BASE parameter. NOTE: this issue has been disputed by a third-party researcher who states that AMFPHP_BASE is a constant."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061024 Re: adobe php sdk Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449616/100/0/threaded"
},
{
"name" : "20061024 adobe php sdk Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449576/100/0/threaded"
},
{
"name" : "1784",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1784"
},
{
"name" : "adobe-php-sdk-cachedgateway-file-include(29776)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29776"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in libraries/amfphp/amf-core/custom/CachedGateway.php in Adobe PHP SDK allows remote attackers to execute arbitrary PHP code via the AMFPHP_BASE parameter. NOTE: this issue has been disputed by a third-party researcher who states that AMFPHP_BASE is a constant."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061024 adobe php sdk Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449576/100/0/threaded"
},
{
"name": "20061024 Re: adobe php sdk Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449616/100/0/threaded"
},
{
"name": "adobe-php-sdk-cachedgateway-file-include(29776)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29776"
},
{
"name": "1784",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1784"
}
]
}
}

140
2006/5xxx/CVE-2006-5884.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5884",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS06-067",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
},
{
"name" : "TA06-318A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"name" : "31324",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/31324"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA06-318A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"name": "31324",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31324"
},
{
"name": "MS06-067",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
}
]
}
}

220
2010/0xxx/CVE-2010-0129.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-0129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100511 Abobe Shockwave Player Heap Memory Indexing Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869"
},
{
"name" : "20100512 Secunia Research: Adobe Shockwave Player Array Indexing Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511262/100/0/threaded"
},
{
"name" : "20100512 [CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511256/100/0/threaded"
},
{
"name" : "20100511 [CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html"
},
{
"name" : "http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html",
"refsource" : "MISC",
"url" : "http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html"
},
{
"name" : "http://secunia.com/secunia_research/2010-20/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-20/"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
},
{
"name" : "40082",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40082"
},
{
"name" : "oval:org.mitre.oval:def:7134",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7134"
},
{
"name" : "38751",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38751"
},
{
"name" : "ADV-2010-1128",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1128"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38751"
},
{
"name": "20100512 [CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511256/100/0/threaded"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
},
{
"name": "20100511 [CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html"
},
{
"name": "40082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40082"
},
{
"name": "20100511 Abobe Shockwave Player Heap Memory Indexing Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869"
},
{
"name": "ADV-2010-1128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1128"
},
{
"name": "http://secunia.com/secunia_research/2010-20/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-20/"
},
{
"name": "http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html",
"refsource": "MISC",
"url": "http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html"
},
{
"name": "20100512 Secunia Research: Adobe Shockwave Player Array Indexing Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511262/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:7134",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7134"
}
]
}
}

170
2010/0xxx/CVE-2010-0284.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.novell.com/support/viewContent.do?externalId=7006255&sliceId=1",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/viewContent.do?externalId=7006255&sliceId=1"
},
{
"name" : "40931",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40931"
},
{
"name" : "1024132",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024132"
},
{
"name" : "40198",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40198"
},
{
"name" : "ADV-2010-1516",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1516"
},
{
"name" : "accessmgr-admincosole-getentry-file-upload(59528)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59528"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "accessmgr-admincosole-getentry-file-upload(59528)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59528"
},
{
"name": "1024132",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024132"
},
{
"name": "40198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40198"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7006255&sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7006255&sliceId=1"
},
{
"name": "ADV-2010-1516",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1516"
},
{
"name": "40931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40931"
}
]
}
}

150
2010/0xxx/CVE-2010-0456.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0456",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "11222",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11222"
},
{
"name" : "37920",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37920"
},
{
"name" : "37934",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37934"
},
{
"name" : "gameserver-grp-sql-injection(55829)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55829"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37920",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37920"
},
{
"name": "gameserver-grp-sql-injection(55829)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55829"
},
{
"name": "11222",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11222"
},
{
"name": "37934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37934"
}
]
}
}

140
2010/0xxx/CVE-2010-0872.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0872",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.3 allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-0872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
},
{
"name" : "TA10-103B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
},
{
"name" : "39439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39439"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.3 allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-103B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
},
{
"name": "39439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39439"
}
]
}
}

150
2010/2xxx/CVE-2010-2073.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2073",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100613 CVE request - pyftpd default username and password vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/06/13/2"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585776",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585776"
},
{
"name" : "40839",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40839"
},
{
"name" : "pyftpd-default-account(59431)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59431"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pyftpd-default-account(59431)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59431"
},
{
"name": "40839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40839"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585776",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585776"
},
{
"name": "[oss-security] 20100613 CVE request - pyftpd default username and password vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/13/2"
}
]
}
}

130
2010/2xxx/CVE-2010-2855.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) YourEmail and (2) VerificationNumber parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41580",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41580"
},
{
"name" : "40517",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40517"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) YourEmail and (2) VerificationNumber parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41580",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41580"
},
{
"name": "40517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40517"
}
]
}
}

150
2010/3xxx/CVE-2010-3369.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3369",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, and other versions before 2.8.1, place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598299",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598299"
},
{
"name" : "http://www.mono-project.com/Vulnerabilities#mono-debugger_Insecure_Use_of_LD_LIBRARY_PATH",
"refsource" : "CONFIRM",
"url" : "http://www.mono-project.com/Vulnerabilities#mono-debugger_Insecure_Use_of_LD_LIBRARY_PATH"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=647353",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=647353"
},
{
"name" : "42348",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42348"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, and other versions before 2.8.1, place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42348"
},
{
"name": "http://www.mono-project.com/Vulnerabilities#mono-debugger_Insecure_Use_of_LD_LIBRARY_PATH",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities#mono-debugger_Insecure_Use_of_LD_LIBRARY_PATH"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598299",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598299"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=647353",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=647353"
}
]
}
}

180
2010/3xxx/CVE-2010-3931.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3931",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18 and other versions, P forum 1.30 and earlier, P up board 1.38 and other versions, P diary R 1.13 and earlier, P link 1.11 and earlier, P link compact 1.04 and earlier, pplog 3.31 and earlier, pplog2 3.37 and earlier, PM bbs 1.07 and earlier, PM up bbs 1.08 and earlier, and PM forum 1.18 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2010-3931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://another.rocomotion.jp/12949466953653.html",
"refsource" : "CONFIRM",
"url" : "http://another.rocomotion.jp/12949466953653.html"
},
{
"name" : "JVN#09115481",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN09115481/index.html"
},
{
"name" : "JVNDB-2011-000006",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000006.html"
},
{
"name" : "45838",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45838"
},
{
"name" : "70495",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70495"
},
{
"name" : "42957",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42957"
},
{
"name" : "rocomotion-unspecified-xss(64745)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64745"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18 and other versions, P forum 1.30 and earlier, P up board 1.38 and other versions, P diary R 1.13 and earlier, P link 1.11 and earlier, P link compact 1.04 and earlier, pplog 3.31 and earlier, pplog2 3.37 and earlier, PM bbs 1.07 and earlier, PM up bbs 1.08 and earlier, and PM forum 1.18 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#09115481",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN09115481/index.html"
},
{
"name": "42957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42957"
},
{
"name": "JVNDB-2011-000006",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000006.html"
},
{
"name": "45838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45838"
},
{
"name": "rocomotion-unspecified-xss(64745)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64745"
},
{
"name": "http://another.rocomotion.jp/12949466953653.html",
"refsource": "CONFIRM",
"url": "http://another.rocomotion.jp/12949466953653.html"
},
{
"name": "70495",
"refsource": "OSVDB",
"url": "http://osvdb.org/70495"
}
]
}
}

34
2010/3xxx/CVE-2010-3935.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3935",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-3935",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

34
2010/3xxx/CVE-2010-3968.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3968",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-3968",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

170
2010/4xxx/CVE-2010-4413.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4413",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Scheduler Agent component in Oracle Database Server 11.1.0.7 and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-4413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name" : "45845",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45845"
},
{
"name" : "1024972",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024972"
},
{
"name" : "42895",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42895"
},
{
"name" : "ADV-2011-0139",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0139"
},
{
"name" : "oracle-db-scheduler-agent-unspec(64759)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64759"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Scheduler Agent component in Oracle Database Server 11.1.0.7 and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0139",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0139"
},
{
"name": "1024972",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024972"
},
{
"name": "45845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45845"
},
{
"name": "42895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42895"
},
{
"name": "oracle-db-scheduler-agent-unspec(64759)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64759"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
}
]
}
}

170
2010/4xxx/CVE-2010-4424.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4424",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.0 through 8.49.29, 8.50.0 through 8.50.14, and 8.51.0 through 8.51.04 allows remote attackers to affect availability via unknown vectors related to the Security sub-component."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-4424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name" : "45862",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45862"
},
{
"name" : "1024978",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024978"
},
{
"name" : "42924",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42924"
},
{
"name" : "ADV-2011-0147",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0147"
},
{
"name" : "peoplesoft-security-dos(64786)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64786"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.0 through 8.49.29, 8.50.0 through 8.50.14, and 8.51.0 through 8.51.04 allows remote attackers to affect availability via unknown vectors related to the Security sub-component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0147",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0147"
},
{
"name": "42924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42924"
},
{
"name": "1024978",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024978"
},
{
"name": "45862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45862"
},
{
"name": "peoplesoft-security-dos(64786)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64786"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
}
]
}
}

130
2010/4xxx/CVE-2010-4758.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4758",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.otrs.org/show_bug.cgi?id=6302",
"refsource" : "CONFIRM",
"url" : "http://bugs.otrs.org/show_bug.cgi?id=6302"
},
{
"name" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource" : "CONFIRM",
"url" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=6302",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=6302"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}

170
2011/5xxx/CVE-2011-5321.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5321",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a device file under the /dev/pts directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-5321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150313 Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/03/13/17"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.1",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1201887",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1201887"
},
{
"name" : "https://github.com/torvalds/linux/commit/c290f8358acaeffd8e0c551ddcc24d1206143376",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/c290f8358acaeffd8e0c551ddcc24d1206143376"
},
{
"name" : "RHSA-2015:1221",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a device file under the /dev/pts directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150313 Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/13/17"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1201887",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201887"
},
{
"name": "https://github.com/torvalds/linux/commit/c290f8358acaeffd8e0c551ddcc24d1206143376",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/c290f8358acaeffd8e0c551ddcc24d1206143376"
},
{
"name": "RHSA-2015:1221",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
}
]
}
}

130
2014/10xxx/CVE-2014-10024.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-10024",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140426 Divx plugin suite heap-based buffer overflow",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/283"
},
{
"name" : "67086",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67086"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140426 Divx plugin suite heap-based buffer overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/283"
},
{
"name": "67086",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67086"
}
]
}
}

34
2014/3xxx/CVE-2014-3027.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3027",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3027",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2014/3xxx/CVE-2014-3127.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3127",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q2/191"
},
{
"name" : "[oss-security] 20140501 Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q2/227"
},
{
"name" : "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog",
"refsource" : "CONFIRM",
"url" : "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
},
{
"name" : "67181",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67181"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
},
{
"name": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog",
"refsource": "CONFIRM",
"url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
},
{
"name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/191"
},
{
"name": "[oss-security] 20140501 Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/227"
},
{
"name": "67181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67181"
}
]
}
}

140
2014/3xxx/CVE-2014-3325.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3325",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140717 Multiple Cross-Site Scripting Vulnerabilities in Cisco Customer Voice Portal",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325"
},
{
"name" : "68691",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68691"
},
{
"name" : "60546",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60546"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68691"
},
{
"name": "60546",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60546"
},
{
"name": "20140717 Multiple Cross-Site Scripting Vulnerabilities in Cisco Customer Voice Portal",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325"
}
]
}
}

170
2014/4xxx/CVE-2014-4914.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4914",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-4914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140711 Re: Zend Framework CVEs",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/07/11/4"
},
{
"name" : "http://framework.zend.com/security/advisory/ZF2014-04",
"refsource" : "CONFIRM",
"url" : "http://framework.zend.com/security/advisory/ZF2014-04"
},
{
"name" : "DSA-3265",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2015/dsa-3265"
},
{
"name" : "JVN#71730320",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN71730320/index.html"
},
{
"name" : "68031",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68031"
},
{
"name" : "58847",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58847"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "58847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58847"
},
{
"name": "[oss-security] 20140711 Re: Zend Framework CVEs",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/07/11/4"
},
{
"name": "JVN#71730320",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN71730320/index.html"
},
{
"name": "68031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68031"
},
{
"name": "http://framework.zend.com/security/advisory/ZF2014-04",
"refsource": "CONFIRM",
"url": "http://framework.zend.com/security/advisory/ZF2014-04"
},
{
"name": "DSA-3265",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2015/dsa-3265"
}
]
}
}

150
2014/8xxx/CVE-2014-8437.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8437",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow remote attackers to discover session tokens via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2014-8437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html"
},
{
"name" : "openSUSE-SU-2015:0725",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html"
},
{
"name" : "71036",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71036"
},
{
"name" : "adobe-flash-cve20148437-info-disc(98628)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98628"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow remote attackers to discover session tokens via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html"
},
{
"name": "adobe-flash-cve20148437-info-disc(98628)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98628"
},
{
"name": "71036",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71036"
},
{
"name": "openSUSE-SU-2015:0725",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html"
}
]
}
}

34
2014/8xxx/CVE-2014-8556.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8556",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8556",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/9xxx/CVE-2014-9100.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9100",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydowork_adsense page to wp-admin/options-general.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/127658/WordPress-WhyDoWork-AdSense-1.2-XSS-CSRF.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127658/WordPress-WhyDoWork-AdSense-1.2-XSS-CSRF.html"
},
{
"name" : "68954",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68954"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydowork_adsense page to wp-admin/options-general.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68954"
},
{
"name": "http://packetstormsecurity.com/files/127658/WordPress-WhyDoWork-AdSense-1.2-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127658/WordPress-WhyDoWork-AdSense-1.2-XSS-CSRF.html"
}
]
}
}

130
2014/9xxx/CVE-2014-9266.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-400/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-400/"
},
{
"name" : "71489",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71489"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-400/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-400/"
},
{
"name": "71489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71489"
}
]
}
}

130
2014/9xxx/CVE-2014-9463.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9463",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "36232",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/36232/"
},
{
"name" : "https://blog.sucuri.net/2015/01/serious-vulnerability-on-vbseo.html",
"refsource" : "CONFIRM",
"url" : "https://blog.sucuri.net/2015/01/serious-vulnerability-on-vbseo.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.sucuri.net/2015/01/serious-vulnerability-on-vbseo.html",
"refsource": "CONFIRM",
"url": "https://blog.sucuri.net/2015/01/serious-vulnerability-on-vbseo.html"
},
{
"name": "36232",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/36232/"
}
]
}
}

160
2014/9xxx/CVE-2014-9752.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9752",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a direct request to the file in content/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20151104 [KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536834/100/0/threaded"
},
{
"name" : "20151104 [KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Nov/10"
},
{
"name" : "http://karmainsecurity.com/KIS-2015-05",
"refsource" : "MISC",
"url" : "http://karmainsecurity.com/KIS-2015-05"
},
{
"name" : "http://packetstormsecurity.com/files/134215/ATutor-2.2-File-Upload.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/134215/ATutor-2.2-File-Upload.html"
},
{
"name" : "http://update.atutor.ca/patch/2_2/2_2-6/patch.xml",
"refsource" : "CONFIRM",
"url" : "http://update.atutor.ca/patch/2_2/2_2-6/patch.xml"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a direct request to the file in content/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20151104 [KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536834/100/0/threaded"
},
{
"name": "http://update.atutor.ca/patch/2_2/2_2-6/patch.xml",
"refsource": "CONFIRM",
"url": "http://update.atutor.ca/patch/2_2/2_2-6/patch.xml"
},
{
"name": "http://karmainsecurity.com/KIS-2015-05",
"refsource": "MISC",
"url": "http://karmainsecurity.com/KIS-2015-05"
},
{
"name": "20151104 [KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Nov/10"
},
{
"name": "http://packetstormsecurity.com/files/134215/ATutor-2.2-File-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134215/ATutor-2.2-File-Upload.html"
}
]
}
}

120
2014/9xxx/CVE-2014-9916.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9916",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "34089",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/34089"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34089",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34089"
}
]
}
}

34
2016/2xxx/CVE-2016-2124.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2124",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2124",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/2xxx/CVE-2016-2134.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2134",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2134",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/2xxx/CVE-2016-2425.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-04-02.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-04-02.html"
},
{
"name" : "https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/0d9dfd649bae9c181e3afc5d571903f1eb5dc46f",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/0d9dfd649bae9c181e3afc5d571903f1eb5dc46f"
},
{
"name" : "https://code.google.com/p/android/issues/detail?id=199888",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/android/issues/detail?id=199888"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/0d9dfd649bae9c181e3afc5d571903f1eb5dc46f",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/0d9dfd649bae9c181e3afc5d571903f1eb5dc46f"
},
{
"name": "https://code.google.com/p/android/issues/detail?id=199888",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/android/issues/detail?id=199888"
},
{
"name": "http://source.android.com/security/bulletin/2016-04-02.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-04-02.html"
}
]
}
}

150
2016/2xxx/CVE-2016-2511.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2511",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160222 Vulnerability in WebSVN 2.3.3",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Feb/99"
},
{
"name" : "http://packetstormsecurity.com/files/135886/WebSVN-2.3.3-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/135886/WebSVN-2.3.3-Cross-Site-Scripting.html"
},
{
"name" : "DSA-3490",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3490"
},
{
"name" : "FEDORA-2016-657a1305aa",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179168.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/135886/WebSVN-2.3.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135886/WebSVN-2.3.3-Cross-Site-Scripting.html"
},
{
"name": "FEDORA-2016-657a1305aa",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179168.html"
},
{
"name": "DSA-3490",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3490"
},
{
"name": "20160222 Vulnerability in WebSVN 2.3.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Feb/99"
}
]
}
}

34
2016/2xxx/CVE-2016-2658.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2658",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2658",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

150
2016/3xxx/CVE-2016-3353.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3353",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone, which allows remote attackers to bypass intended access restrictions via a crafted file, aka \"Internet Explorer Security Feature Bypass.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-16-506/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-16-506/"
},
{
"name" : "MS16-104",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104"
},
{
"name" : "92827",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92827"
},
{
"name" : "1036788",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036788"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone, which allows remote attackers to bypass intended access restrictions via a crafted file, aka \"Internet Explorer Security Feature Bypass.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92827"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-16-506/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-16-506/"
},
{
"name": "MS16-104",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104"
},
{
"name": "1036788",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036788"
}
]
}
}

310
2016/3xxx/CVE-2016-3610.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3610",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20160721-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20160721-0001/"
},
{
"name" : "GLSA-201610-08",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201610-08"
},
{
"name" : "GLSA-201701-43",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-43"
},
{
"name" : "RHSA-2016:1458",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1458"
},
{
"name" : "RHSA-2016:1475",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1475"
},
{
"name" : "RHSA-2016:1504",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1504.html"
},
{
"name" : "SUSE-SU-2016:1997",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html"
},
{
"name" : "SUSE-SU-2016:2012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html"
},
{
"name" : "openSUSE-SU-2016:1979",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html"
},
{
"name" : "openSUSE-SU-2016:2050",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html"
},
{
"name" : "openSUSE-SU-2016:2051",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html"
},
{
"name" : "openSUSE-SU-2016:2052",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html"
},
{
"name" : "openSUSE-SU-2016:2058",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html"
},
{
"name" : "USN-3043-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3043-1"
},
{
"name" : "USN-3062-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3062-1"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "91930",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91930"
},
{
"name" : "1036365",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036365"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3043-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3043-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "GLSA-201610-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-08"
},
{
"name": "SUSE-SU-2016:2012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html"
},
{
"name": "openSUSE-SU-2016:2052",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20160721-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20160721-0001/"
},
{
"name": "RHSA-2016:1475",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1475"
},
{
"name": "91930",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91930"
},
{
"name": "openSUSE-SU-2016:2051",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html"
},
{
"name": "1036365",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036365"
},
{
"name": "GLSA-201701-43",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-43"
},
{
"name": "USN-3062-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3062-1"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "SUSE-SU-2016:1997",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html"
},
{
"name": "RHSA-2016:1458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1458"
},
{
"name": "openSUSE-SU-2016:2050",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html"
},
{
"name": "openSUSE-SU-2016:1979",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html"
},
{
"name": "openSUSE-SU-2016:2058",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html"
},
{
"name": "RHSA-2016:1504",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1504.html"
}
]
}
}

200
2016/3xxx/CVE-2016-3841.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3841",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45f6fad84cc305103b28d73482b344d7f5b76f39",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45f6fad84cc305103b28d73482b344d7f5b76f39"
},
{
"name" : "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3"
},
{
"name" : "https://github.com/torvalds/linux/commit/45f6fad84cc305103b28d73482b344d7f5b76f39",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/45f6fad84cc305103b28d73482b344d7f5b76f39"
},
{
"name" : "RHSA-2016:0855",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0855.html"
},
{
"name" : "RHSA-2016:2574",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name" : "RHSA-2016:2584",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name" : "RHSA-2016:2695",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2695.html"
},
{
"name" : "92227",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92227"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "RHSA-2016:0855",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html"
},
{
"name": "https://github.com/torvalds/linux/commit/45f6fad84cc305103b28d73482b344d7f5b76f39",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/45f6fad84cc305103b28d73482b344d7f5b76f39"
},
{
"name": "RHSA-2016:2584",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "RHSA-2016:2574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3"
},
{
"name": "92227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92227"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45f6fad84cc305103b28d73482b344d7f5b76f39",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45f6fad84cc305103b28d73482b344d7f5b76f39"
},
{
"name": "RHSA-2016:2695",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2695.html"
}
]
}
}

34
2016/6xxx/CVE-2016-6119.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6119",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6119",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/6xxx/CVE-2016-6215.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6215",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6215",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2016/6xxx/CVE-2016-6360.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-6360",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco AsyncOS through WSA10.0.0-000",
"version" : {
"version_data" : [
{
"version_value" : "Cisco AsyncOS through WSA10.0.0-000"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051 9.7.0-125 8.8.0-085 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.7.1-066 WSA10.0.0-233."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco AsyncOS through WSA10.0.0-000",
"version": {
"version_data": [
{
"version_value": "Cisco AsyncOS through WSA10.0.0-000"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3"
},
{
"name" : "93910",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93910"
},
{
"name" : "1037120",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037120"
},
{
"name" : "1037121",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037121"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051 9.7.0-125 8.8.0-085 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.7.1-066 WSA10.0.0-233."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93910"
},
{
"name": "1037120",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037120"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3"
},
{
"name": "1037121",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037121"
}
]
}
}

120
2016/6xxx/CVE-2016-6879.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6879",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://botan.randombit.net/security.html#id2",
"refsource" : "CONFIRM",
"url" : "https://botan.randombit.net/security.html#id2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://botan.randombit.net/security.html#id2",
"refsource": "CONFIRM",
"url": "https://botan.randombit.net/security.html#id2"
}
]
}
}

140
2016/7xxx/CVE-2016-7020.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7020",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-7020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html"
},
{
"name" : "RHSA-2016:1423",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1423"
},
{
"name" : "94192",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94192"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html"
},
{
"name": "RHSA-2016:1423",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1423"
},
{
"name": "94192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94192"
}
]
}
}

140
2016/7xxx/CVE-2016-7296.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7296",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7297."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-145",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145"
},
{
"name" : "94738",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94738"
},
{
"name" : "1037444",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037444"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7297."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037444",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037444"
},
{
"name": "MS16-145",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145"
},
{
"name": "94738",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94738"
}
]
}
}

160
2016/7xxx/CVE-2016-7579.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7579",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the \"CFNetwork Proxies\" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207270",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207270"
},
{
"name" : "https://support.apple.com/HT207271",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207271"
},
{
"name" : "https://support.apple.com/HT207275",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207275"
},
{
"name" : "93856",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93856"
},
{
"name" : "1037086",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037086"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the \"CFNetwork Proxies\" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207271",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207271"
},
{
"name": "1037086",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037086"
},
{
"name": "https://support.apple.com/HT207270",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207270"
},
{
"name": "https://support.apple.com/HT207275",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207275"
},
{
"name": "93856",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93856"
}
]
}
}