"-Synchronized-Data."

CVE Team 2019-03-17 23:57:28 +00:00
parent 9764d6dfb1
commit 3abc779936
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
63 changed files with 4559 additions and 4559 deletions


@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2006-0010", "ID": "CVE-2006-0010",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "EEYEB20050801", "description_data": [
"refsource" : "EEYE", {
"url" : "http://www.eeye.com/html/Research/Advisories/EEYEB20050801.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression."
{ }
"name" : "20060110 [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/421885/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20060110 [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability", "description": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2006/Jan/363" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525", ]
"refsource" : "MISC", }
"url" : "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525" ]
}, },
{ "references": {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm" "name": "20060110 [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2006/Jan/363"
"name" : "MS06-002", },
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-002" "name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525",
}, "refsource": "MISC",
{ "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525"
"name" : "TA06-010A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-010A.html" "name": "VU#915930",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/915930"
"name" : "VU#915930", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/915930" "name": "EEYEB20050801",
}, "refsource": "EEYE",
{ "url": "http://www.eeye.com/html/Research/Advisories/EEYEB20050801.html"
"name" : "16194", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16194" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm"
"name" : "ADV-2006-0118", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0118" "name": "18829",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/18829"
"name" : "18829", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/18829" "name": "ADV-2006-0118",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0118"
"name" : "oval:org.mitre.oval:def:1126", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1126" "name": "18391",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18391"
"name" : "oval:org.mitre.oval:def:1185", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1185" "name": "MS06-002",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-002"
"name" : "oval:org.mitre.oval:def:1462", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1462" "name": "win-embedded-fonts-bo(23922)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23922"
"name" : "oval:org.mitre.oval:def:1491", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1491" "name": "oval:org.mitre.oval:def:698",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A698"
"name" : "oval:org.mitre.oval:def:698", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A698" "name": "oval:org.mitre.oval:def:1185",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1185"
"name" : "oval:org.mitre.oval:def:714", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A714" "name": "oval:org.mitre.oval:def:714",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A714"
"name" : "1015459", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015459" "name": "oval:org.mitre.oval:def:1462",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1462"
"name" : "18365", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18365" "name": "1015459",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015459"
"name" : "18391", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18391" "name": "18311",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18311"
"name" : "18311", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18311" "name": "oval:org.mitre.oval:def:1126",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1126"
"name" : "win-embedded-fonts-bo(23922)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23922" "name": "18365",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/18365"
} },
} {
"name": "oval:org.mitre.oval:def:1491",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1491"
},
{
"name": "20060110 [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421885/100/0/threaded"
},
{
"name": "16194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16194"
},
{
"name": "TA06-010A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-010A.html"
}
]
}
}
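Review bot: The `ASSIGNER` value on the `CVE_data_meta` line of this section moves from `cve@mitre.org` to `secure@microsoft.com`, and it is the only value change among edits that otherwise tighten `"key" : ` to `"key": ` and reorder the 22 `reference_data` entries without adding or dropping any. The CVE-2006-1058 section does the same with `secalert@redhat.com`. A provenance field that downstream tooling may rely on for CNA attribution is easy to overlook inside a 4559-line reformat, so the ASSIGNER updates would be easier to audit if they landed separately from the whitespace sync. The new reference order also follows no visible sort key; emitting entries in a stable order (for example by `refsource`, then `name`) would keep later diffs limited to real additions and removals.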


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0442", "ID": "CVE-2006-0442",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060124 [KAPDA::#25] - MyBB 1.x Cross_Site_Scripting", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/423128/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219."
{ }
"name" : "http://kapda.ir/advisory-241.html", ]
"refsource" : "MISC", },
"url" : "http://kapda.ir/advisory-241.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16361", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16361" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0316", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0316" ]
}, },
{ "references": {
"name" : "1015535", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015535" "name": "http://kapda.ir/advisory-241.html",
}, "refsource": "MISC",
{ "url": "http://kapda.ir/advisory-241.html"
"name" : "18603", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18603" "name": "18603",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/18603"
} },
} {
"name": "20060124 [KAPDA::#25] - MyBB 1.x Cross_Site_Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423128/100/0/threaded"
},
{
"name": "1015535",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015535"
},
{
"name": "ADV-2006-0316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0316"
},
{
"name": "16361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16361"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0717", "ID": "CVE-2006-0717",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[Dailydave] 20060211 IBM Tivoli Directory Server 0day", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.immunitysec.com/pipermail/dailydave/2006-February/002921.html" "lang": "eng",
}, "value": "IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite."
{ }
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21230820", ]
"refsource" : "CONFIRM", },
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21230820" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16593", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16593" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0537", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0537" ]
}, },
{ "references": {
"name" : "1015653", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015653" "name": "1015653",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015653"
"name" : "18779", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18779" "name": "ADV-2006-0537",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0537"
"name" : "tivoli-directory-ldap-dos(24619)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24619" "name": "tivoli-directory-ldap-dos(24619)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24619"
} },
} {
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21230820",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21230820"
},
{
"name": "18779",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18779"
},
{
"name": "[Dailydave] 20060211 IBM Tivoli Directory Server 0day",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2006-February/002921.html"
},
{
"name": "16593",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16593"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0754", "ID": "CVE-2006-0754",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060214 dotproject <= 2.0.1 remote code execution", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/424957/100/0/threaded" "lang": "eng",
}, "value": "** DISPUTED ** dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php."
{ }
"name" : "20060215 Re: dotproject <= 2.0.1 remote code execution", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/425285/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16648", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16648" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0604", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0604" ]
}, },
{ "references": {
"name" : "23206", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/23206" "name": "23206",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/23206"
"name" : "18879", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18879" "name": "20060214 dotproject <= 2.0.1 remote code execution",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/424957/100/0/threaded"
"name" : "dotproject-phpinfo-check-obtain-info(24745)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24745" "name": "dotproject-phpinfo-check-obtain-info(24745)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24745"
} },
} {
"name": "18879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18879"
},
{
"name": "16648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16648"
},
{
"name": "ADV-2006-0604",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0604"
},
{
"name": "20060215 Re: dotproject <= 2.0.1 remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425285/100/0/threaded"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0763", "ID": "CVE-2006-0763",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060207 Re: cPanel Multiple Cross Site Scripting Vulnerability", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0129.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter."
{ }
"name" : "22971", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/22971" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "cpanel-dowebmailforward-xss(24839)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24839" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20060207 Re: cPanel Multiple Cross Site Scripting Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0129.html"
},
{
"name": "cpanel-dowebmailforward-xss(24839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24839"
},
{
"name": "22971",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22971"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1053", "ID": "CVE-2006-1053",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-1058", "ID": "CVE-2006-1058",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.busybox.net/view.php?id=604", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.busybox.net/view.php?id=604" "lang": "eng",
}, "value": "BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables."
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm", ]
"refsource" : "CONFIRM", },
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2007:0244", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0244.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17330", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/17330" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:9483", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483" "name": "25098",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25098"
"name" : "19477", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19477" "name": "17330",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17330"
"name" : "25098", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25098" "name": "oval:org.mitre.oval:def:9483",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483"
"name" : "25848", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25848" "name": "19477",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19477"
"name" : "busybox-passwd-weak-security(25569)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25569" "name": "http://bugs.busybox.net/view.php?id=604",
} "refsource": "CONFIRM",
] "url": "http://bugs.busybox.net/view.php?id=604"
} },
} {
"name": "25848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25848"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm"
},
{
"name": "RHSA-2007:0244",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0244.html"
},
{
"name": "busybox-passwd-weak-security(25569)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25569"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1587", "ID": "CVE-2006-1587",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetBSD 1.6 up to 3.0, when a user has \"set record\" in .mailrc with the default umask set, creates the record file with 0644 permissions, which allows local users to read the record file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "NetBSD-SA2006-007", "description_data": [
"refsource" : "NETBSD", {
"url" : "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-007.txt.asc" "lang": "eng",
}, "value": "NetBSD 1.6 up to 3.0, when a user has \"set record\" in .mailrc with the default umask set, creates the record file with 0644 permissions, which allows local users to read the record file."
{ }
"name" : "24258", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/24258" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1015847", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015847" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19465", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/19465" ]
}, },
{ "references": {
"name" : "bsd-mailrc-insecure-permissions(25581)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25581" "name": "NetBSD-SA2006-007",
} "refsource": "NETBSD",
] "url": "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-007.txt.asc"
} },
} {
"name": "19465",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19465"
},
{
"name": "1015847",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015847"
},
{
"name": "24258",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24258"
},
{
"name": "bsd-mailrc-insecure-permissions(25581)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25581"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1612", "ID": "CVE-2006-1612",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in visview.php in aWebNews 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) yname, (2) emailadd, (3) subject, and (4) comment parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060414 [eVuln] aWebNews Multiple XSS and SQL Injection Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/431007/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in visview.php in aWebNews 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) yname, (2) emailadd, (3) subject, and (4) comment parameters."
{ }
"name" : "http://evuln.com/vulns/116/summary.html", ]
"refsource" : "MISC", },
"url" : "http://evuln.com/vulns/116/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-1196", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1196" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "24333", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/24333" ]
}, },
{ "references": {
"name" : "19487", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19487" "name": "ADV-2006-1196",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1196"
"name" : "707", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/707" "name": "20060414 [eVuln] aWebNews Multiple XSS and SQL Injection Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/431007/100/0/threaded"
"name" : "awebnews-visview-xss(25589)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25589" "name": "19487",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/19487"
} },
} {
"name": "24333",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24333"
},
{
"name": "http://evuln.com/vulns/116/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/116/summary.html"
},
{
"name": "awebnews-visview-xss(25589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25589"
},
{
"name": "707",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/707"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3375", "ID": "CVE-2006-3375",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in includes/header.inc.php in Randshop 1.1.1 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "1971", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/1971" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in includes/header.inc.php in Randshop 1.1.1 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter."
{ }
"name" : "18763", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18763" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2740", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2740" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1016436", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1016436" ]
}, },
{ "references": {
"name" : "randshop-headerinc-file-include(27541)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27541" "name": "ADV-2006-2740",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/2740"
} },
} {
"name": "1016436",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016436"
},
{
"name": "18763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18763"
},
{
"name": "1971",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1971"
},
{
"name": "randshop-headerinc-file-include(27541)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27541"
}
]
}
}
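Review bot: The `reference_data` array of this record is written back in a different order (VUPEN, SECTRACK, BID, EXPLOIT-DB, XF where the old side had EXPLOIT-DB, BID, VUPEN, SECTRACK, XF) although no entry is added or dropped, and the new order follows no sort key that is visible here. Combined with the `" : "` to `": "` spacing change, every line of the record shows as modified, so a consumer that detects updates by diffing or hashing the file will presumably treat an unchanged advisory as changed. Emitting the array in a deterministic order, for example sorted on `refsource` and then `name`, would keep later syncs down to the entries that really differ. The same reshuffle appears in the CVE-2006-4043, CVE-2006-4068, CVE-2006-4629, CVE-2010-2227 and CVE-2010-2491 sections.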


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4043", "ID": "CVE-2006-4043",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060805 MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/442323/100/0/threaded" "lang": "eng",
}, "value": "index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message."
{ }
"name" : "http://retrogod.altervista.org/mybloggie_214_sql.html", ]
"refsource" : "MISC", },
"url" : "http://retrogod.altervista.org/mybloggie_214_sql.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2118", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2118" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-3179", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/3179" ]
}, },
{ "references": {
"name" : "21376", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21376" "name": "ADV-2006-3179",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3179"
"name" : "1347", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1347" "name": "20060805 MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"
"name" : "mybloggie-index-information-disclosure(28242)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28242" "name": "2118",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/2118"
} },
} {
"name": "21376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21376"
},
{
"name": "mybloggie-index-information-disclosure(28242)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28242"
},
{
"name": "1347",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1347"
},
{
"name": "http://retrogod.altervista.org/mybloggie_214_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/mybloggie_214_sql.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4068", "ID": "CVE-2006-4068",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks. NOTE: this script might also allow attackers to generate the server-side \"secret\" URL without determining the original password, but this possibility was not discussed by the original researcher."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060803 Javascript software authentication brute force attack", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/442120" "lang": "eng",
}, "value": "The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks. NOTE: this script might also allow attackers to generate the server-side \"secret\" URL without determining the original password, but this possibility was not discussed by the original researcher."
{ }
"name" : "19333", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19333" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1362", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1362" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "19333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19333"
},
{
"name": "1362",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1362"
},
{
"name": "20060803 Javascript software authentication brute force attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442120"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4629", "ID": "CVE-2006-4629",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2308", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2308" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter."
{ }
"name" : "19861", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19861" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3471", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3471" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28552", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/28552" ]
}, },
{ "references": {
"name" : "21758", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21758" "name": "28552",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/28552"
"name" : "cnews-path-file-include(28766)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28766" "name": "21758",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/21758"
} },
} {
"name": "19861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19861"
},
{
"name": "2308",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2308"
},
{
"name": "ADV-2006-3471",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3471"
},
{
"name": "cnews-path-file-include(28766)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28766"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4816", "ID": "CVE-2006-4816",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4903", "ID": "CVE-2006-4903",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,287 +1,287 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-2227", "ID": "CVE-2010-2227",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with \"recycling of a buffer.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100709 [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/512272/100/0/threaded" "lang": "eng",
}, "value": "Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with \"recycling of a buffer.\""
{ }
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://svn.apache.org/viewvc?view=revision&revision=958911", "description": [
"refsource" : "CONFIRM", {
"url" : "http://svn.apache.org/viewvc?view=revision&revision=958911" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://svn.apache.org/viewvc?view=revision&revision=958977", ]
"refsource" : "CONFIRM", }
"url" : "http://svn.apache.org/viewvc?view=revision&revision=958977" ]
}, },
{ "references": {
"name" : "http://svn.apache.org/viewvc?view=revision&revision=959428", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://svn.apache.org/viewvc?view=revision&revision=959428" "name": "http://www.novell.com/support/viewContent.do?externalId=7007274",
}, "refsource": "CONFIRM",
{ "url": "http://www.novell.com/support/viewContent.do?externalId=7007274"
"name" : "http://tomcat.apache.org/security-5.html", },
"refsource" : "CONFIRM", {
"url" : "http://tomcat.apache.org/security-5.html" "name": "20100709 [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/512272/100/0/threaded"
"name" : "http://tomcat.apache.org/security-6.html", },
"refsource" : "CONFIRM", {
"url" : "http://tomcat.apache.org/security-6.html" "name": "42079",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42079"
"name" : "http://tomcat.apache.org/security-7.html", },
"refsource" : "CONFIRM", {
"url" : "http://tomcat.apache.org/security-7.html" "name": "DSA-2207",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2207"
"name" : "http://geronimo.apache.org/21x-security-report.html", },
"refsource" : "CONFIRM", {
"url" : "http://geronimo.apache.org/21x-security-report.html" "name": "HPSBUX02860",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
"name" : "http://geronimo.apache.org/22x-security-report.html", },
"refsource" : "CONFIRM", {
"url" : "http://geronimo.apache.org/22x-security-report.html" "name": "http://www.novell.com/support/viewContent.do?externalId=7007275",
}, "refsource": "CONFIRM",
{ "url": "http://www.novell.com/support/viewContent.do?externalId=7007275"
"name" : "http://www.novell.com/support/viewContent.do?externalId=7007274", },
"refsource" : "CONFIRM", {
"url" : "http://www.novell.com/support/viewContent.do?externalId=7007274" "name": "MDVSA-2010:177",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"
"name" : "http://www.novell.com/support/viewContent.do?externalId=7007275", },
"refsource" : "CONFIRM", {
"url" : "http://www.novell.com/support/viewContent.do?externalId=7007275" "name": "ADV-2010-3056",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3056"
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" "name": "43310",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43310"
"name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" "name": "RHSA-2010:0581",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0581.html"
"name" : "http://support.apple.com/kb/HT5002", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5002" "name": "41544",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/41544"
"name" : "APPLE-SA-2011-10-12-3", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" "name": "http://tomcat.apache.org/security-7.html",
}, "refsource": "CONFIRM",
{ "url": "http://tomcat.apache.org/security-7.html"
"name" : "DSA-2207", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2207" "name": "FEDORA-2010-16270",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html"
"name" : "FEDORA-2010-16248", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html" "name": "ADV-2010-1986",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1986"
"name" : "FEDORA-2010-16270", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html" "name": "http://svn.apache.org/viewvc?view=revision&revision=959428",
}, "refsource": "CONFIRM",
{ "url": "http://svn.apache.org/viewvc?view=revision&revision=959428"
"name" : "HPSBUX02579", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=129070310906557&w=2" "name": "44183",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44183"
"name" : "SSRT100203", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=129070310906557&w=2" "name": "RHSA-2010:0580",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0580.html"
"name" : "HPSBUX02860", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" "name": "41025",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41025"
"name" : "SSRT101146", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" "name": "FEDORA-2010-16248",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html"
"name" : "HPSBST02955", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2" "name": "http://geronimo.apache.org/22x-security-report.html",
}, "refsource": "CONFIRM",
{ "url": "http://geronimo.apache.org/22x-security-report.html"
"name" : "MDVSA-2010:176", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" "name": "40813",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40813"
"name" : "MDVSA-2010:177", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177" "name": "APPLE-SA-2011-10-12-3",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
"name" : "RHSA-2010:0580", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0580.html" "name": "MDVSA-2010:176",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
"name" : "RHSA-2010:0583", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0583.html" "name": "42368",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42368"
"name" : "RHSA-2010:0581", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0581.html" "name": "http://tomcat.apache.org/security-6.html",
}, "refsource": "CONFIRM",
{ "url": "http://tomcat.apache.org/security-6.html"
"name" : "RHSA-2010:0582", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0582.html" "name": "57126",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/57126"
"name" : "SUSE-SR:2010:017", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
"name" : "41544", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/41544" "name": "oval:org.mitre.oval:def:18532",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532"
"name" : "oval:org.mitre.oval:def:18532", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532" "name": "1024180",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1024180"
"name" : "1024180", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024180" "name": "SUSE-SR:2010:017",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
"name" : "40813", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40813" "name": "http://svn.apache.org/viewvc?view=revision&revision=958911",
}, "refsource": "CONFIRM",
{ "url": "http://svn.apache.org/viewvc?view=revision&revision=958911"
"name" : "41025", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41025" "name": "http://tomcat.apache.org/security-5.html",
}, "refsource": "CONFIRM",
{ "url": "http://tomcat.apache.org/security-5.html"
"name" : "42079", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42079" "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
"name" : "42368", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42368" "name": "HPSBUX02579",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"
"name" : "42454", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42454" "name": "tomcat-transferencoding-dos(60264)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60264"
"name" : "43310", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43310" "name": "http://support.apple.com/kb/HT5002",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5002"
"name" : "44183", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44183" "name": "RHSA-2010:0582",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0582.html"
"name" : "57126", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57126" "name": "ADV-2010-2868",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2868"
"name" : "ADV-2010-1986", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1986" "name": "SSRT101146",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
"name" : "ADV-2010-2868", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2868" "name": "http://geronimo.apache.org/21x-security-report.html",
}, "refsource": "CONFIRM",
{ "url": "http://geronimo.apache.org/21x-security-report.html"
"name" : "ADV-2010-3056", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3056" "name": "42454",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42454"
"name" : "tomcat-transferencoding-dos(60264)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60264" "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
} },
} {
"name": "SSRT100203",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"
},
{
"name": "HPSBST02955",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=958977",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=958977"
},
{
"name": "RHSA-2010:0583",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0583.html"
}
]
}
}
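Review bot: The `ASSIGNER` value under `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` at the top of this record, and it is easy to miss because the rest of the section (the header reads `-1,287 +1,287`) appears to differ only in spacing around the colons and in the order of `reference_data`. Tooling that attributes a record to its CNA through this field will see the owner of CVE-2010-2227 change, so the attribution update deserves its own commit or at least a line in the description such as `Update ASSIGNER to the responsible CNA for CVE-2010-2227 and CVE-2010-2491`. Keeping formatting-only churn out of the same change would let a reviewer confirm that nothing else in the record moved. The CVE-2010-2491 section carries the same `ASSIGNER` change.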


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2473", "ID": "CVE-2010-2473",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-2491", "ID": "CVE-2010-2491",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100702 CVE Request -- Roundup: XSS by processing PageTemplate template for a named page", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/07/02/3" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program."
{ }
"name" : "[oss-security] 20100702 Re: CVE Request -- Roundup: XSS by processing PageTemplate template for a named page", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/07/02/12" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[roundup-devel] 20100701 Roundup Issue Tracker 1.4.14 released", "description": [
"refsource" : "MLIST", {
"url" : "http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.com" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=326395", ]
"refsource" : "CONFIRM", }
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=326395" ]
}, },
{ "references": {
"name" : "http://issues.roundup-tracker.org/issue2550654", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://issues.roundup-tracker.org/issue2550654" "name": "FEDORA-2010-12290",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048221.html"
"name" : "http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486&r2=4485&pathrev=4486", },
"refsource" : "CONFIRM", {
"url" : "http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486&r2=4485&pathrev=4486" "name": "[roundup-devel] 20100701 Roundup Issue Tracker 1.4.14 released",
}, "refsource": "MLIST",
{ "url": "http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.com"
"name" : "http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486", },
"refsource" : "CONFIRM", {
"url" : "http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486" "name": "http://bugs.gentoo.org/show_bug.cgi?id=326395",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.gentoo.org/show_bug.cgi?id=326395"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=610861", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=610861" "name": "41585",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41585"
"name" : "FEDORA-2010-12261", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048061.html" "name": "FEDORA-2010-12261",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048061.html"
"name" : "FEDORA-2010-12269", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048018.html" "name": "http://issues.roundup-tracker.org/issue2550654",
}, "refsource": "CONFIRM",
{ "url": "http://issues.roundup-tracker.org/issue2550654"
"name" : "FEDORA-2010-12290", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048221.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=610861",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=610861"
"name" : "41326", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/41326" "name": "[oss-security] 20100702 CVE Request -- Roundup: XSS by processing PageTemplate template for a named page",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/07/02/3"
"name" : "40433", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40433" "name": "40433",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40433"
"name" : "41585", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41585" "name": "41326",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/41326"
} },
} {
"name": "[oss-security] 20100702 Re: CVE Request -- Roundup: XSS by processing PageTemplate template for a named page",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/07/02/12"
},
{
"name": "http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486&r2=4485&pathrev=4486",
"refsource": "CONFIRM",
"url": "http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486&r2=4485&pathrev=4486"
},
{
"name": "http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486",
"refsource": "CONFIRM",
"url": "http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486"
},
{
"name": "FEDORA-2010-12269",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048018.html"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2502", "ID": "CVE-2010-2502",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via redirects, aka SPL-31067."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.splunk.com/view/SP-CAAAFGD", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.splunk.com/view/SP-CAAAFGD" "lang": "eng",
} "value": "Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via redirects, aka SPL-31067."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.splunk.com/view/SP-CAAAFGD",
"refsource": "CONFIRM",
"url": "http://www.splunk.com/view/SP-CAAAFGD"
}
]
}
}


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3055", "ID": "CVE-2010-3055",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=30c83acddb58d3bbf940b5f9ec28abf5b235f4d2", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=30c83acddb58d3bbf940b5f9ec28abf5b235f4d2" "lang": "eng",
}, "value": "The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request."
{ }
"name" : "http://sourceforge.net/tracker/?func=detail&aid=3045132&group_id=23067&atid=377408", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/tracker/?func=detail&aid=3045132&group_id=23067&atid=377408" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2097", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2010/dsa-2097" ]
}, },
{ "references": {
"name" : "MDVSA-2010:163", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:163" "name": "42591",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/42591"
"name" : "42591", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/42591" "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php",
}, "refsource": "CONFIRM",
{ "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php"
"name" : "41058", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41058" "name": "41058",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41058"
"name" : "41185", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41185" "name": "http://sourceforge.net/tracker/?func=detail&aid=3045132&group_id=23067&atid=377408",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/tracker/?func=detail&aid=3045132&group_id=23067&atid=377408"
"name" : "ADV-2010-2223", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2223" "name": "ADV-2010-2231",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2231"
"name" : "ADV-2010-2231", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2231" "name": "DSA-2097",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2010/dsa-2097"
} },
} {
"name": "MDVSA-2010:163",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:163"
},
{
"name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=30c83acddb58d3bbf940b5f9ec28abf5b235f4d2",
"refsource": "CONFIRM",
"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=30c83acddb58d3bbf940b5f9ec28abf5b235f4d2"
},
{
"name": "ADV-2010-2223",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2223"
},
{
"name": "41185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41185"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3466", "ID": "CVE-2010-3466",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in the hosted_signup module in NetArt Media iBoutique.MALL 1.2 allows remote attackers to inject arbitrary web script or HTML via the tmpl parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels-team.blogspot.com/2010/09/iboutiquemall-12-xss-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels-team.blogspot.com/2010/09/iboutiquemall-12-xss-vuln.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in the hosted_signup module in NetArt Media iBoutique.MALL 1.2 allows remote attackers to inject arbitrary web script or HTML via the tmpl parameter. NOTE: some of these details are obtained from third party information."
{ }
"name" : "43146", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/43146" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36726", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36726" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "iboutiquemall-tmpl-xss(61737)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61737" ]
} },
] "references": {
} "reference_data": [
} {
"name": "43146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43146"
},
{
"name": "iboutiquemall-tmpl-xss(61737)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61737"
},
{
"name": "http://pridels-team.blogspot.com/2010/09/iboutiquemall-12-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels-team.blogspot.com/2010/09/iboutiquemall-12-xss-vuln.html"
},
{
"name": "36726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36726"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-3520", "ID": "CVE-2010-3520",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise HCM - GP France component in Oracle PeopleSoft and JDEdwards Suite 8.81 SP1 Bundle #12, 8.9 GP Update 2010-E, 9.0 GP Update 2010-E, and 9.1 GP Update 2010-E allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the PeopleSoft Enterprise HCM - GP France component in Oracle PeopleSoft and JDEdwards Suite 8.81 SP1 Bundle #12, 8.9 GP Update 2010-E, 9.0 GP Update 2010-E, and 9.1 GP Update 2010-E allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
{ }
"name" : "TA10-287A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3617", "ID": "CVE-2010-3617",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3838", "ID": "CVE-2010-3838",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is \"processed using an intermediate temporary table.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.mysql.com/bug.php?id=54461", "description_data": [
"refsource" : "MISC", {
"url" : "http://bugs.mysql.com/bug.php?id=54461" "lang": "eng",
}, "value": "MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is \"processed using an intermediate temporary table.\""
{ }
"name" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html", ]
"refsource" : "CONFIRM", },
"url" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html", ]
"refsource" : "CONFIRM", }
"url" : "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=640858", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=640858" "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html",
}, "refsource": "CONFIRM",
{ "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html"
"name" : "http://support.apple.com/kb/HT4723", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4723" "name": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html",
}, "refsource": "CONFIRM",
{ "url": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html"
"name" : "APPLE-SA-2011-06-23-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" "name": "USN-1397-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1397-1"
"name" : "DSA-2143", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2143" "name": "mysql-longblob-dos(64840)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64840"
"name" : "MDVSA-2010:222", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222" "name": "http://support.apple.com/kb/HT4723",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4723"
"name" : "MDVSA-2010:223", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:223" "name": "42875",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42875"
"name" : "RHSA-2010:0825", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0825.html" "name": "USN-1017-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1017-1"
"name" : "RHSA-2011:0164", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0164.html" "name": "APPLE-SA-2011-06-23-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
"name" : "TLSA-2011-3", },
"refsource" : "TURBO", {
"url" : "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt" "name": "TLSA-2011-3",
}, "refsource": "TURBO",
{ "url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt"
"name" : "USN-1017-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1017-1" "name": "ADV-2011-0105",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0105"
"name" : "USN-1397-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1397-1" "name": "MDVSA-2010:222",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222"
"name" : "43676", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/43676" "name": "RHSA-2011:0164",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0164.html"
"name" : "42875", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42875" "name": "ADV-2011-0170",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0170"
"name" : "42936", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42936" "name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html",
}, "refsource": "CONFIRM",
{ "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html"
"name" : "ADV-2011-0105", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0105" "name": "DSA-2143",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2143"
"name" : "ADV-2011-0170", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0170" "name": "43676",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/43676"
"name" : "ADV-2011-0345", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0345" "name": "ADV-2011-0345",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0345"
"name" : "mysql-longblob-dos(64840)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64840" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=640858",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=640858"
} },
} {
"name": "42936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42936"
},
{
"name": "http://bugs.mysql.com/bug.php?id=54461",
"refsource": "MISC",
"url": "http://bugs.mysql.com/bug.php?id=54461"
},
{
"name": "RHSA-2010:0825",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0825.html"
},
{
"name": "MDVSA-2010:223",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:223"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2010-3987", "ID": "CVE-2010-3987",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBMA02598", "description_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=128811259326540&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "SSRT100314", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=128811259326540&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1024641", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024641" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "SSRT100314",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128811259326540&w=2"
},
{
"name": "HPSBMA02598",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128811259326540&w=2"
},
{
"name": "1024641",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024641"
}
]
}
}


@ -1,197 +1,197 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-4539", "ID": "CVE-2010-4539",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110102 CVE request for subversion", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/01/02/1" "lang": "eng",
}, "value": "The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections."
{ }
"name" : "[oss-security] 20110103 Re: CVE request for subversion", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2011/01/03/9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20110104 Re: CVE request for subversion", "description": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/01/04/8" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20110104 Re: CVE request for subversion", ]
"refsource" : "MLIST", }
"url" : "http://openwall.com/lists/oss-security/2011/01/04/10" ]
}, },
{ "references": {
"name" : "[oss-security] 20110105 Re: CVE request for subversion", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/01/05/4" "name": "subversion-walk-dos(64472)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64472"
"name" : "[subversion-users] 20101104 apache coredump in mod_dav_svn", },
"refsource" : "MLIST", {
"url" : "http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C3923B919-C2BE-41AD-84ED-7207837FAD1A@ncsa.illinois.edu%3E" "name": "[oss-security] 20110104 Re: CVE request for subversion",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/01/04/8"
"name" : "[www-announce] 20101124 Apache Subversion 1.6.15 Released", },
"refsource" : "MLIST", {
"url" : "http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt@mail.gmail.com%3E" "name": "ADV-2011-0103",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0103"
"name" : "http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES", },
"refsource" : "CONFIRM", {
"url" : "http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES" "name": "42969",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42969"
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1033166", },
"refsource" : "CONFIRM", {
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1033166" "name": "ADV-2011-0264",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0264"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=667407", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=667407" "name": "42780",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42780"
"name" : "FEDORA-2011-0099", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html" "name": "http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES",
}, "refsource": "CONFIRM",
{ "url": "http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES"
"name" : "MDVSA-2011:006", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:006" "name": "[oss-security] 20110105 Re: CVE request for subversion",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/01/05/4"
"name" : "RHSA-2011:0257", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0257.html" "name": "[oss-security] 20110103 Re: CVE request for subversion",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/01/03/9"
"name" : "RHSA-2011:0258", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0258.html" "name": "SUSE-SR:2011:005",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
"name" : "SUSE-SR:2011:005", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" "name": "43346",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43346"
"name" : "USN-1053-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1053-1" "name": "1024934",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024934"
"name" : "45655", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45655" "name": "43115",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43115"
"name" : "1024934", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024934" "name": "FEDORA-2011-0099",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html"
"name" : "42780", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42780" "name": "ADV-2011-0015",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0015"
"name" : "42969", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42969" "name": "[oss-security] 20110102 CVE request for subversion",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/01/02/1"
"name" : "43139", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43139" "name": "[www-announce] 20101124 Apache Subversion 1.6.15 Released",
}, "refsource": "MLIST",
{ "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt@mail.gmail.com%3E"
"name" : "43115", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43115" "name": "RHSA-2011:0258",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0258.html"
"name" : "43346", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43346" "name": "RHSA-2011:0257",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0257.html"
"name" : "ADV-2011-0015", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0015" "name": "MDVSA-2011:006",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:006"
"name" : "ADV-2011-0103", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0103" "name": "[oss-security] 20110104 Re: CVE request for subversion",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/01/04/10"
"name" : "ADV-2011-0162", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0162" "name": "USN-1053-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1053-1"
"name" : "ADV-2011-0264", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0264" "name": "http://svn.apache.org/viewvc?view=revision&revision=1033166",
}, "refsource": "CONFIRM",
{ "url": "http://svn.apache.org/viewvc?view=revision&revision=1033166"
"name" : "subversion-walk-dos(64472)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64472" "name": "45655",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/45655"
} },
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=667407",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=667407"
},
{
"name": "43139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43139"
},
{
"name": "[subversion-users] 20101104 apache coredump in mod_dav_svn",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C3923B919-C2BE-41AD-84ED-7207837FAD1A@ncsa.illinois.edu%3E"
},
{
"name": "ADV-2011-0162",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0162"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4620", "ID": "CVE-2010-4620",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4897", "ID": "CVE-2010-4897",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bbs.wolvez.org/viewtopic.php?id=148", "description_data": [
"refsource" : "MISC", {
"url" : "http://bbs.wolvez.org/viewtopic.php?id=148" "lang": "eng",
}, "value": "SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action."
{ }
"name" : "67822", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/67822" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "41255", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41255" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "67822",
"refsource": "OSVDB",
"url": "http://osvdb.org/67822"
},
{
"name": "41255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41255"
},
{
"name": "http://bbs.wolvez.org/viewtopic.php?id=148",
"refsource": "MISC",
"url": "http://bbs.wolvez.org/viewtopic.php?id=148"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4990", "ID": "CVE-2010-4990",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14210", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/14210" "lang": "eng",
}, "value": "SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php."
{ }
"name" : "41353", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/41353" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2010-1702", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1702" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "fronteditaddressbook-index-sql-injection(60092)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60092" ]
} },
] "references": {
} "reference_data": [
} {
"name": "14210",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14210"
},
{
"name": "fronteditaddressbook-index-sql-injection(60092)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60092"
},
{
"name": "ADV-2010-1702",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1702"
},
{
"name": "41353",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41353"
}
]
}
}


@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1296", "ID": "CVE-2011-1296",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=75170", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=75170" "lang": "eng",
}, "value": "Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT4808", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4808" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT4981", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT4981" ]
}, },
{ "references": {
"name" : "http://support.apple.com/kb/HT4999", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4999" "name": "ADV-2011-0765",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0765"
"name" : "APPLE-SA-2011-07-20-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" "name": "http://support.apple.com/kb/HT4981",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4981"
"name" : "APPLE-SA-2011-10-11-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" "name": "APPLE-SA-2011-10-12-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
"name" : "APPLE-SA-2011-10-12-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" "name": "APPLE-SA-2011-10-11-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
"name" : "47029", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/47029" "name": "43859",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43859"
"name" : "oval:org.mitre.oval:def:14636", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14636" "name": "47029",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/47029"
"name" : "43859", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43859" "name": "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html"
"name" : "ADV-2011-0765", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0765" "name": "google-chrome-svgtext-code-exec(66303)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66303"
"name" : "google-chrome-svgtext-code-exec(66303)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66303" "name": "http://support.apple.com/kb/HT4999",
} "refsource": "CONFIRM",
] "url": "http://support.apple.com/kb/HT4999"
} },
} {
"name": "http://support.apple.com/kb/HT4808",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4808"
},
{
"name": "oval:org.mitre.oval:def:14636",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14636"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=75170",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=75170"
},
{
"name": "APPLE-SA-2011-07-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
}
]
}
}


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1937", "ID": "CVE-2011-1937",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110424 XSS in Webmin 1.540 + exploit for privilege escalation", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/517658" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl."
{ }
"name" : "[oss-security] 20110522 CVE Request: Webmin Local Privilege Escalation Vulnerability", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2011/05/22/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20110524 Re: CVE Request: Webmin Local Privilege Escalation Vulnerability", "description": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/05/24/7" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/", ]
"refsource" : "MISC", }
"url" : "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/" ]
}, },
{ "references": {
"name" : "http://www.youtube.com/watch?v=CUO7JLIGUf0", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.youtube.com/watch?v=CUO7JLIGUf0" "name": "[oss-security] 20110524 Re: CVE Request: Webmin Local Privilege Escalation Vulnerability",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/05/24/7"
"name" : "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881" "name": "http://www.youtube.com/watch?v=CUO7JLIGUf0",
}, "refsource": "MISC",
{ "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0"
"name" : "MDVSA-2011:109", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109" "name": "1025438",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1025438"
"name" : "47558", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/47558" "name": "20110424 XSS in Webmin 1.540 + exploit for privilege escalation",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/517658"
"name" : "1025438", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1025438" "name": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881"
"name" : "8264", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8264" "name": "[oss-security] 20110522 CVE Request: Webmin Local Privilege Escalation Vulnerability",
} "refsource": "MLIST",
] "url": "http://openwall.com/lists/oss-security/2011/05/22/1"
} },
} {
"name": "MDVSA-2011:109",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109"
},
{
"name": "8264",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8264"
},
{
"name": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/",
"refsource": "MISC",
"url": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/"
},
{
"name": "47558",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47558"
}
]
}
}
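Review bot: The `ASSIGNER` value in this record (CVE-2011-1937) changes from `cve@mitre.org` to `secalert@redhat.com`, but the change sits inside a whitespace-only rewrite of every key and a reshuffle of `reference_data`, so the one substantive field change is easy to miss in review. The same pattern is visible in the CVE-2014-3024 (`psirt@us.ibm.com`), CVE-2014-3477 and CVE-2014-3641 sections. Because consumers may rely on `ASSIGNER` to attribute a record to its CNA, I would put reassignments in their own commit, or at least list the affected IDs in the commit message. The new `reference_data` order also does not look sorted; emitting it in a stable order (for example by `refsource`, then `name`) would keep later syncs from producing reorder-only diffs.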


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5054", "ID": "CVE-2011-5054",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be \"a bit far-fetched.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20111207 Disputing CVE-2011-4122", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/12/07/3" "lang": "eng",
}, "value": "kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be \"a bit far-fetched.\""
{ }
"name" : "[oss-security] 20111208 Re: Disputing CVE-2011-4122", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2011/12/08/9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20111224 Re: Disputing CVE-2011-4122", "description": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/12/23/8" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20111226 Re: Disputing CVE-2011-4122", ]
"refsource" : "MLIST", }
"url" : "http://openwall.com/lists/oss-security/2011/12/27/1" ]
}, },
{ "references": {
"name" : "[oss-security] 20111228 Re: Disputing CVE-2011-4122", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/12/28/5" "name": "kcheckpass-pamstart-priv-esc(72230)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72230"
"name" : "[oss-security] 20111228 Re: Disputing CVE-2011-4122", },
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/12/27/3" "name": "[oss-security] 20111207 Disputing CVE-2011-4122",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/12/07/3"
"name" : "[oss-security] 20120102 Re: Disputing CVE-2011-4122", },
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2012/01/02/11" "name": "[oss-security] 20111228 Re: Disputing CVE-2011-4122",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/12/28/5"
"name" : "[oss-security] 20120102 Re: Disputing CVE-2011-4122", },
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2012/01/02/10" "name": "[oss-security] 20111228 Re: Disputing CVE-2011-4122",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/12/27/3"
"name" : "http://c-skills.blogspot.com/2011/11/openpam-trickery.html", },
"refsource" : "MISC", {
"url" : "http://c-skills.blogspot.com/2011/11/openpam-trickery.html" "name": "[oss-security] 20111224 Re: Disputing CVE-2011-4122",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/12/23/8"
"name" : "kcheckpass-pamstart-priv-esc(72230)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72230" "name": "[oss-security] 20120102 Re: Disputing CVE-2011-4122",
} "refsource": "MLIST",
] "url": "http://openwall.com/lists/oss-security/2012/01/02/11"
} },
} {
"name": "[oss-security] 20111226 Re: Disputing CVE-2011-4122",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/12/27/1"
},
{
"name": "http://c-skills.blogspot.com/2011/11/openpam-trickery.html",
"refsource": "MISC",
"url": "http://c-skills.blogspot.com/2011/11/openpam-trickery.html"
},
{
"name": "[oss-security] 20111208 Re: Disputing CVE-2011-4122",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/12/08/9"
},
{
"name": "[oss-security] 20120102 Re: Disputing CVE-2011-4122",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/01/02/10"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5076", "ID": "CVE-2011-5076",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bbs.wolvez.org/viewtopic.php?id=208", "description_data": [
"refsource" : "MISC", {
"url" : "http://bbs.wolvez.org/viewtopic.php?id=208" "lang": "eng",
}, "value": "SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information."
{ }
"name" : "51871", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/51871" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "47907", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47907" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "51871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51871"
},
{
"name": "http://bbs.wolvez.org/viewtopic.php?id=208",
"refsource": "MISC",
"url": "http://bbs.wolvez.org/viewtopic.php?id=208"
},
{
"name": "47907",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47907"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-3024", "ID": "CVE-2014-3024",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679918", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679918" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users."
{ }
"name" : "IV56643", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56643" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1030781", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030781" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "60408", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/60408" ]
}, },
{ "references": {
"name" : "ibm-maximo-cve20143024-csrf(93063)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93063" "name": "ibm-maximo-cve20143024-csrf(93063)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93063"
} },
} {
"name": "1030781",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030781"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679918",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679918"
},
{
"name": "IV56643",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56643"
},
{
"name": "60408",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60408"
}
]
}
}


@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3477", "ID": "CVE-2014-3477",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140610 CVE-2014-3477 (fd.o#78979): local DoS in dbus-daemon", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2014/q2/509" "lang": "eng",
}, "value": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service."
{ }
"name" : "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567", ]
"refsource" : "CONFIRM", },
"url" : "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=78979", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=78979" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://advisories.mageia.org/MGASA-2014-0266.html", ]
"refsource" : "CONFIRM", }
"url" : "http://advisories.mageia.org/MGASA-2014-0266.html" ]
}, },
{ "references": {
"name" : "DSA-2971", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-2971" "name": "59798",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/59798"
"name" : "MDVSA-2015:176", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" "name": "59611",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/59611"
"name" : "openSUSE-SU-2014:0821", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html" "name": "openSUSE-SU-2014:1239",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
"name" : "openSUSE-SU-2014:0874", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html" "name": "67986",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/67986"
"name" : "openSUSE-SU-2014:1239", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" "name": "openSUSE-SU-2014:0874",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html"
"name" : "67986", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/67986" "name": "[oss-security] 20140610 CVE-2014-3477 (fd.o#78979): local DoS in dbus-daemon",
}, "refsource": "MLIST",
{ "url": "http://seclists.org/oss-sec/2014/q2/509"
"name" : "59611", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59611" "name": "openSUSE-SU-2014:0821",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html"
"name" : "59428", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59428" "name": "http://advisories.mageia.org/MGASA-2014-0266.html",
}, "refsource": "CONFIRM",
{ "url": "http://advisories.mageia.org/MGASA-2014-0266.html"
"name" : "59798", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59798" "name": "59428",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/59428"
} },
} {
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=78979",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=78979"
},
{
"name": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567"
},
{
"name": "DSA-2971",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2971"
},
{
"name": "MDVSA-2015:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3641", "ID": "CVE-2014-3641",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20141002 [OSSA 2014-033] Cinder-volume host data leak to vm instance (CVE-2014-3641)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2014/q4/78" "lang": "eng",
}, "value": "The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header."
{ }
"name" : "https://bugs.launchpad.net/cinder/+bug/1350504", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.launchpad.net/cinder/+bug/1350504" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2014:1787", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1787.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2014:1788", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1788.html" ]
}, },
{ "references": {
"name" : "USN-2405-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2405-1" "name": "RHSA-2014:1788",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-1788.html"
"name" : "70221", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70221" "name": "[oss-security] 20141002 [OSSA 2014-033] Cinder-volume host data leak to vm instance (CVE-2014-3641)",
} "refsource": "MLIST",
] "url": "http://seclists.org/oss-sec/2014/q4/78"
} },
} {
"name": "70221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70221"
},
{
"name": "USN-2405-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2405-1"
},
{
"name": "https://bugs.launchpad.net/cinder/+bug/1350504",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/cinder/+bug/1350504"
},
{
"name": "RHSA-2014:1787",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1787.html"
}
]
}
}
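Review bot: The `ASSIGNER` value in `CVE_data_meta` changes in this record from `cve@mitre.org` to `secalert@redhat.com` (reading the right-hand column as the new side), and the commit message "-Synchronized-Data." gives no hint of a re-attribution. The same kind of change shows up in the CVE-2014-3892, CVE-2014-8156, CVE-2016-2208 and CVE-2016-2441 records further down, where everything else differs only in separator spacing and in the order of the same reference entries. Anything that filters, attributes or trusts records by `ASSIGNER` will see these entries move to a different source after this sync. The commit description should state that, for example `ASSIGNER changed on N records; descriptions and reference sets unchanged`, so the field change is not lost among the formatting churn.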


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3843", "ID": "CVE-2014-3843",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Search Everything plugin before 8.1.1 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://wordpress.org/plugins/search-everything/changelog", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://wordpress.org/plugins/search-everything/changelog" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in the Search Everything plugin before 8.1.1 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
{ }
"name" : "58502", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/58502" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/plugins/search-everything/changelog",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/search-everything/changelog"
},
{
"name": "58502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58502"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2014-3892", "ID": "CVE-2014-3892",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#36028879", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN36028879/index.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "JVNDB-2014-000080", ]
"refsource" : "JVNDB", },
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000080" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "68724", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68724" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000080",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000080"
},
{
"name": "68724",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68724"
},
{
"name": "JVN#36028879",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN36028879/index.html"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-7126", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-7126",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }
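Review bot: The REJECT records are written with a different key order from the other records visible in this commit: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas the RESERVED and PUBLIC records keep `CVE_data_meta` first with `ASSIGNER` leading. This applies to this record and to CVE-2014-7356, CVE-2014-7377 and CVE-2016-2574. Key order has no meaning in JSON, so parsers are unaffected, but the mix suggests the files were written by two different serializers. Tooling that hashes or byte-compares the raw files to detect real record changes will flag these as modified; emitting every record with one fixed key order would keep future sync diffs limited to actual content changes.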


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-7356", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-7356",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-7377", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-7377",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-8156", "ID": "CVE-2014-8156",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150127 CVE-2014-8156: freesmartphone.org stack configures D-Bus system bus to be insecure", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/01/27/25" "lang": "eng",
}, "value": "The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service."
{ }
"name" : "72363", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/72363" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "fso-cve20148156-dos(100488)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100488" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "fso-cve20148156-dos(100488)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100488"
},
{
"name": "[oss-security] 20150127 CVE-2014-8156: freesmartphone.org stack configures D-Bus system bus to be insecure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/25"
},
{
"name": "72363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72363"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8470", "ID": "CVE-2014-8470",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8644", "ID": "CVE-2014-8644",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8805", "ID": "CVE-2014-8805",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8945", "ID": "CVE-2014-8945",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9075", "ID": "CVE-2014-9075",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9666", "ID": "CVE-2014-9666",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/google-security-research/issues/detail?id=167", "description_data": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/google-security-research/issues/detail?id=167" "lang": "eng",
}, "value": "The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap."
{ }
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439", ]
"refsource" : "CONFIRM", },
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://advisories.mageia.org/MGASA-2015-0083.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://advisories.mageia.org/MGASA-2015-0083.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" ]
}, },
{ "references": {
"name" : "DSA-3188", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3188" "name": "DSA-3188",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3188"
"name" : "FEDORA-2015-2216", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html" "name": "http://code.google.com/p/google-security-research/issues/detail?id=167",
}, "refsource": "MISC",
{ "url": "http://code.google.com/p/google-security-research/issues/detail?id=167"
"name" : "FEDORA-2015-2237", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html" "name": "GLSA-201503-05",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201503-05"
"name" : "GLSA-201503-05", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201503-05" "name": "72986",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/72986"
"name" : "MDVSA-2015:055", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055" "name": "USN-2739-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2739-1"
"name" : "openSUSE-SU-2015:0627", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html" "name": "openSUSE-SU-2015:0627",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html"
"name" : "USN-2510-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2510-1" "name": "http://advisories.mageia.org/MGASA-2015-0083.html",
}, "refsource": "CONFIRM",
{ "url": "http://advisories.mageia.org/MGASA-2015-0083.html"
"name" : "USN-2739-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2739-1" "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
"name" : "72986", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72986" "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439",
} "refsource": "CONFIRM",
] "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439"
} },
} {
"name": "FEDORA-2015-2216",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html"
},
{
"name": "MDVSA-2015:055",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055"
},
{
"name": "USN-2510-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2510-1"
},
{
"name": "FEDORA-2015-2237",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@symantec.com",
"ID" : "CVE-2016-2208", "ID": "CVE-2016-2208",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "39835", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/39835/" "lang": "eng",
}, "value": "The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file."
{ }
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=820", ]
"refsource" : "MISC", },
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=820" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20160516_00", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20160516_00" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "90653", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/90653" ]
}, },
{ "references": {
"name" : "1035903", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035903" "name": "90653",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/90653"
} },
} {
"name": "39835",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39835/"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=820",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=820"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20160516_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20160516_00"
},
{
"name": "1035903",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035903"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-2441", "ID": "CVE-2016-2441",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26354602."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-05-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-05-01.html" "lang": "eng",
}, "value": "The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26354602."
{ }
"name" : "https://www.codeaurora.org/issues-tsc-tspp2-and-buspm-drivers-cve-2015-0573-cve-2016-2441-cve-2016-2442", ]
"refsource" : "CONFIRM", },
"url" : "https://www.codeaurora.org/issues-tsc-tspp2-and-buspm-drivers-cve-2015-0573-cve-2016-2441-cve-2016-2442" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-05-01.html"
},
{
"name": "https://www.codeaurora.org/issues-tsc-tspp2-and-buspm-drivers-cve-2015-0573-cve-2016-2441-cve-2016-2442",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/issues-tsc-tspp2-and-buspm-drivers-cve-2015-0573-cve-2016-2441-cve-2016-2442"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2574", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2574",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }


@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2016-2837", "ID": "CVE-2016-2837",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-673", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-673" "lang": "eng",
}, "value": "Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass."
{ }
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-77.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-77.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1274637", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1274637" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" ]
}, },
{ "references": {
"name" : "DSA-3640", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3640" "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-77.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-77.html"
"name" : "GLSA-201701-15", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201701-15" "name": "DSA-3640",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2016/dsa-3640"
"name" : "RHSA-2016:1551", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1551.html" "name": "1036508",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1036508"
"name" : "openSUSE-SU-2016:1964", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
"name" : "openSUSE-SU-2016:2026", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html" "name": "USN-3044-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-3044-1"
"name" : "USN-3044-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-3044-1" "name": "92258",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/92258"
"name" : "92258", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92258" "name": "RHSA-2016:1551",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-1551.html"
"name" : "1036508", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036508" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1274637",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1274637"
} },
} {
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "openSUSE-SU-2016:1964",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-673",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-673"
},
{
"name": "openSUSE-SU-2016:2026",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"
}
]
}
}
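Review bot: The `reference_data` array for CVE-2016-2837 is emitted in a different order on the new side although it holds the same twelve entries, so the one value that actually changed in this section, `"ASSIGNER": "security@mozilla.org"` replacing `cve@mitre.org`, is hard to spot among the reordered lines. Downstream consumers that diff a vulnerability feed to notice a reassigned record or an altered reference are better served if the array keeps its previous order or is always written in one stable order, for example sorted by `refsource` and then `name`. The same reordering appears in the CVE-2016-6637, CVE-2016-6645, CVE-2016-6648, CVE-2016-7400, CVE-2016-7967 and CVE-2017-5197 sections.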


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6051", "ID": "CVE-2016-6051",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6348", "ID": "CVE-2016-6348",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1372129", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1372129" "lang": "eng",
} "value": "JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1372129",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372129"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2016-6637", "ID": "CVE-2016-6637",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://pivotal.io/security/cve-2016-6637", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://pivotal.io/security/cve-2016-6637" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page."
{ }
"name" : "93245", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93245" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93245"
},
{
"name": "https://pivotal.io/security/cve-2016-6637",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6637"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2016-6645", "ID": "CVE-2016-6645",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20161004 ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/bugtraq/2016/Oct/7" "lang": "eng",
}, "value": "The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class."
{ }
"name" : "93343", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93343" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036941", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036941" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20161004 ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Oct/7"
},
{
"name": "1036941",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036941"
},
{
"name": "93343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93343"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2016-6648", "ID": "CVE-2016-6648",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "EMC RecoverPoint and EMC RecoverPoint for Virtual Machines EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0", "product_name": "EMC RecoverPoint and EMC RecoverPoint for Virtual Machines EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "EMC RecoverPoint and EMC RecoverPoint for Virtual Machines EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0" "version_value": "EMC RecoverPoint and EMC RecoverPoint for Virtual Machines EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Sensitive information disclosure vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securityfocus.com/archive/1/540058/30/0/threaded", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.securityfocus.com/archive/1/540058/30/0/threaded" "lang": "eng",
}, "value": "EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system."
{ }
"name" : "95821", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95821" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037727", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037727" "lang": "eng",
} "value": "Sensitive information disclosure vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/archive/1/540058/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540058/30/0/threaded"
},
{
"name": "1037727",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037727"
},
{
"name": "95821",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95821"
}
]
}
}
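Review bot: `vendor_name` stays `"n/a"` in the CVE-2016-6648 record while `product_name` and `version_value` both hold the same free-text sentence naming two products and two version bounds, so a tool that matches on vendor, product and version cannot use this entry. The description supports separate structured entries, e.g. `"vendor_name": "EMC"`, `"product_name": "RecoverPoint"`, `"version_value": "before 4.4.1.1"`, with a second product entry for RecoverPoint for Virtual Machines before 5.0. The record appears to be synchronized from the assigning CNA, so the correction probably belongs upstream rather than in this repository.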


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7400", "ID": "CVE-2016-7400",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "40412", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/40412/" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action."
{ }
"name" : "[oss-security] 20160918 CVE request : Exponent CMS 2.3.9 SQL injection vulnerabilities", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/09/18/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20160918 Re: CVE request : Exponent CMS 2.3.9 SQL injection vulnerabilities", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/09/18/10" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://exponentcms.lighthouseapp.com/projects/61783/changesets/e916702a91a6342bbab483a2be2ba2f11dca3aa3", ]
"refsource" : "CONFIRM", }
"url" : "https://exponentcms.lighthouseapp.com/projects/61783/changesets/e916702a91a6342bbab483a2be2ba2f11dca3aa3" ]
}, },
{ "references": {
"name" : "https://github.com/exponentcms/exponent-cms/commit/e916702a91a6342bbab483a2be2ba2f11dca3aa3", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/exponentcms/exponent-cms/commit/e916702a91a6342bbab483a2be2ba2f11dca3aa3" "name": "https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0"
"name" : "https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0" "name": "[oss-security] 20160918 CVE request : Exponent CMS 2.3.9 SQL injection vulnerabilities",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/09/18/2"
"name" : "93041", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93041" "name": "40412",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/40412/"
} },
} {
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/e916702a91a6342bbab483a2be2ba2f11dca3aa3",
"refsource": "CONFIRM",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/e916702a91a6342bbab483a2be2ba2f11dca3aa3"
},
{
"name": "https://github.com/exponentcms/exponent-cms/commit/e916702a91a6342bbab483a2be2ba2f11dca3aa3",
"refsource": "CONFIRM",
"url": "https://github.com/exponentcms/exponent-cms/commit/e916702a91a6342bbab483a2be2ba2f11dca3aa3"
},
{
"name": "[oss-security] 20160918 Re: CVE request : Exponent CMS 2.3.9 SQL injection vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/18/10"
},
{
"name": "93041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93041"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7560", "ID": "CVE-2016-7560",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://fortiguard.com/advisory/FG-IR-16-029", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://fortiguard.com/advisory/FG-IR-16-029" "lang": "eng",
}, "value": "The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors."
{ }
"name" : "93286", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93286" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://fortiguard.com/advisory/FG-IR-16-029",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/FG-IR-16-029"
},
{
"name": "93286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93286"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7967", "ID": "CVE-2016-7967",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161004 Re: KMail vulnerabilites: need 3 CVE", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/10/05/1" "lang": "eng",
}, "value": "KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled."
{ }
"name" : "93360", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93360" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93360"
},
{
"name": "[oss-security] 20161004 Re: KMail vulnerabilites: need 3 CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/1"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7989", "ID": "CVE-2016-7989",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016" "lang": "eng",
}, "value": "On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542."
{ }
"name" : "94082", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94082" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
},
{
"name": "94082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94082"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5197", "ID": "CVE-2017-5197",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.silverstripe.org/download/security-releases/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.silverstripe.org/download/security-releases/" "lang": "eng",
}, "value": "There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element."
{ }
"name" : "96572", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96572" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96572"
},
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5779", "ID": "CVE-2017-5779",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }