admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:30:37 +00:00
parent 0dc6f8f892
commit 4040d2f610
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
49 changed files with 3667 additions and 3667 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2006/0xxx/CVE-2006-0406.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060114 MyBB 1.0.2 Sniffing table perfix bug in search.php",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422227/100/0/threaded"
},
{
"name" : "22736",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22736"
},
{
"name" : "18577",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18577"
},
{
"name" : "mybb-search-information-disclosure(24272)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24272"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mybb-search-information-disclosure(24272)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24272"
},
{
"name": "18577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18577"
},
{
"name": "20060114 MyBB 1.0.2 Sniffing table perfix bug in search.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422227/100/0/threaded"
},
{
"name": "22736",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22736"
}
]
}
}

190
2006/0xxx/CVE-2006-0444.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0444",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060125 HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423145/100/0/threaded"
},
{
"name" : "http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt",
"refsource" : "MISC",
"url" : "http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt"
},
{
"name" : "16391",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16391"
},
{
"name" : "ADV-2006-0342",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0342"
},
{
"name" : "22720",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22720"
},
{
"name" : "22722",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22722"
},
{
"name" : "18597",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18597"
},
{
"name" : "phpclanwebsite-index-sql-injection(24355)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24355"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060125 HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423145/100/0/threaded"
},
{
"name": "16391",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16391"
},
{
"name": "http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt",
"refsource": "MISC",
"url": "http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt"
},
{
"name": "22722",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22722"
},
{
"name": "22720",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22720"
},
{
"name": "ADV-2006-0342",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0342"
},
{
"name": "18597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18597"
},
{
"name": "phpclanwebsite-index-sql-injection(24355)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24355"
}
]
}
}

230
2006/0xxx/CVE-2006-0678.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0678",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060215 PostgreSQL security releases 8.1.3, 8.0.7, 7.4.12, 7.3.14",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425037/100/0/threaded"
},
{
"name" : "http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-3",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-3"
},
{
"name" : "OpenPKG-SA-2006.004",
"refsource" : "OPENPKG",
"url" : "http://www.openpkg.org/security/OpenPKG-SA-2006.004-postgresql.html"
},
{
"name" : "2006-0008",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2006/0008"
},
{
"name" : "USN-258-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-258-1"
},
{
"name" : "16650",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16650"
},
{
"name" : "ADV-2006-0605",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0605"
},
{
"name" : "18890",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18890"
},
{
"name" : "19015",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19015"
},
{
"name" : "19035",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19035"
},
{
"name" : "498",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/498"
},
{
"name" : "postgresql-setsessionauth-dos(24719)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24719"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2006-0008",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0008"
},
{
"name": "http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-3",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-3"
},
{
"name": "postgresql-setsessionauth-dos(24719)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24719"
},
{
"name": "ADV-2006-0605",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0605"
},
{
"name": "18890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18890"
},
{
"name": "19035",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19035"
},
{
"name": "498",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/498"
},
{
"name": "16650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16650"
},
{
"name": "19015",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19015"
},
{
"name": "USN-258-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-258-1"
},
{
"name": "OpenPKG-SA-2006.004",
"refsource": "OPENPKG",
"url": "http://www.openpkg.org/security/OpenPKG-SA-2006.004-postgresql.html"
},
{
"name": "20060215 PostgreSQL security releases 8.1.3, 8.0.7, 7.4.12, 7.3.14",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425037/100/0/threaded"
}
]
}
}

170
2006/0xxx/CVE-2006-0927.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0927",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) userid parameter in (a) jgs_galerie_slideshow.php and (b) jgs_galerie_scroll.php, and the (2) katid parameter in (c) jgs_galerie_slideshow.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060224 Advisory: Woltlab Burning Board 2.x (JGS-Gallery MOD <= 4.0)multiple XSS vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425981/100/0/threaded"
},
{
"name" : "20060224 Advisory: Woltlab Burning Board 2.x (JGS-Gallery MOD <= 4.0) multiple XSS vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0615.html"
},
{
"name" : "http://www.nukedx.com/?viewdoc=11",
"refsource" : "MISC",
"url" : "http://www.nukedx.com/?viewdoc=11"
},
{
"name" : "16810",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16810"
},
{
"name" : "16843",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16843"
},
{
"name" : "wbb-jgsgallerymod-xss(24888)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24888"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) userid parameter in (a) jgs_galerie_slideshow.php and (b) jgs_galerie_scroll.php, and the (2) katid parameter in (c) jgs_galerie_slideshow.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16810",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16810"
},
{
"name": "20060224 Advisory: Woltlab Burning Board 2.x (JGS-Gallery MOD <= 4.0) multiple XSS vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0615.html"
},
{
"name": "http://www.nukedx.com/?viewdoc=11",
"refsource": "MISC",
"url": "http://www.nukedx.com/?viewdoc=11"
},
{
"name": "20060224 Advisory: Woltlab Burning Board 2.x (JGS-Gallery MOD <= 4.0)multiple XSS vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425981/100/0/threaded"
},
{
"name": "wbb-jgsgallerymod-xss(24888)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24888"
},
{
"name": "16843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16843"
}
]
}
}

210
2006/1xxx/CVE-2006-1316.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1316",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka \"Microsoft Office Parsing Vulnerability,\" a different vulnerability than CVE-2006-2389."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-1316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS06-038",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038"
},
{
"name" : "TA06-192A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
},
{
"name" : "VU#580036",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/580036"
},
{
"name" : "18912",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18912"
},
{
"name" : "ADV-2006-2756",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2756"
},
{
"name" : "27148",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27148"
},
{
"name" : "oval:org.mitre.oval:def:918",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A918"
},
{
"name" : "1016469",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016469"
},
{
"name" : "21012",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21012"
},
{
"name" : "office-string-parse-bo(27607)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27607"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka \"Microsoft Office Parsing Vulnerability,\" a different vulnerability than CVE-2006-2389."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21012"
},
{
"name": "ADV-2006-2756",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2756"
},
{
"name": "MS06-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038"
},
{
"name": "27148",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27148"
},
{
"name": "office-string-parse-bo(27607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27607"
},
{
"name": "18912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18912"
},
{
"name": "1016469",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016469"
},
{
"name": "oval:org.mitre.oval:def:918",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A918"
},
{
"name": "VU#580036",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/580036"
},
{
"name": "TA06-192A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
}
]
}
}

370
2006/1xxx/CVE-2006-1858.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1858",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-1858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm"
},
{
"name" : "DSA-1097",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1097"
},
{
"name" : "DSA-1103",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1103"
},
{
"name" : "MDKSA-2006:123",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:123"
},
{
"name" : "MDKSA-2006:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150"
},
{
"name" : "RHSA-2006:0617",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0617.html"
},
{
"name" : "SUSE-SA:2006:042",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
},
{
"name" : "SUSE-SA:2006:047",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_47_kernel.html"
},
{
"name" : "USN-302-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-302-1"
},
{
"name" : "18085",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18085"
},
{
"name" : "oval:org.mitre.oval:def:9510",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9510"
},
{
"name" : "ADV-2006-1893",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1893"
},
{
"name" : "ADV-2006-2554",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name" : "25696",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25696"
},
{
"name" : "20185",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20185"
},
{
"name" : "20671",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20671"
},
{
"name" : "20716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20716"
},
{
"name" : "20914",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20914"
},
{
"name" : "21045",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21045"
},
{
"name" : "21179",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21179"
},
{
"name" : "21605",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21605"
},
{
"name" : "22174",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22174"
},
{
"name" : "21476",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21476"
},
{
"name" : "21498",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21498"
},
{
"name" : "linux-sctp-parameter-dos(26585)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26585"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2006:042",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
},
{
"name": "ADV-2006-2554",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name": "RHSA-2006:0617",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0617.html"
},
{
"name": "20716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20716"
},
{
"name": "ADV-2006-1893",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1893"
},
{
"name": "21605",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21605"
},
{
"name": "21476",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21476"
},
{
"name": "SUSE-SA:2006:047",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_47_kernel.html"
},
{
"name": "18085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18085"
},
{
"name": "MDKSA-2006:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150"
},
{
"name": "USN-302-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-302-1"
},
{
"name": "MDKSA-2006:123",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:123"
},
{
"name": "linux-sctp-parameter-dos(26585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26585"
},
{
"name": "DSA-1097",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1097"
},
{
"name": "20185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20185"
},
{
"name": "22174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22174"
},
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17"
},
{
"name": "oval:org.mitre.oval:def:9510",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9510"
},
{
"name": "DSA-1103",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1103"
},
{
"name": "21498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21498"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm"
},
{
"name": "21045",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21045"
},
{
"name": "25696",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25696"
},
{
"name": "20671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20671"
},
{
"name": "21179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21179"
},
{
"name": "20914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20914"
}
]
}
}

130
2006/1xxx/CVE-2006-1894.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1894",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived from PunBB, allows remote attackers to inject arbitrary web script or HTML via a substitution cipher of the email tag, which is transformed when the application's e-mail address obfuscator reverses the transformation. NOTE: it is not clear whether this is a site-specific issue; however, the claimed codebase relationship with PunBB might be relevant."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060413 RevoBoard [email] tag XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430886/100/0/threaded"
},
{
"name" : "768",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/768"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived from PunBB, allows remote attackers to inject arbitrary web script or HTML via a substitution cipher of the email tag, which is transformed when the application's e-mail address obfuscator reverses the transformation. NOTE: it is not clear whether this is a site-specific issue; however, the claimed codebase relationship with PunBB might be relevant."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "768",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/768"
},
{
"name": "20060413 RevoBoard [email] tag XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430886/100/0/threaded"
}
]
}
}

180
2006/4xxx/CVE-2006-4177.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4177",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061022 Novell eDirectory NCP over IP length Heap Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=426"
},
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm"
},
{
"name" : "20664",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20664"
},
{
"name" : "ADV-2006-4142",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4142"
},
{
"name" : "1017104",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017104"
},
{
"name" : "22506",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22506"
},
{
"name" : "edirectory-ncp-bo(29768)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29768"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20664",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20664"
},
{
"name": "22506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22506"
},
{
"name": "1017104",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017104"
},
{
"name": "20061022 Novell eDirectory NCP over IP length Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=426"
},
{
"name": "edirectory-ncp-bo(29768)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29768"
},
{
"name": "ADV-2006-4142",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4142"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm"
}
]
}
}

250
2006/4xxx/CVE-2006-4483.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4483",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080527 rPSA-2008-0178-1 php php-mysql php-pgsql",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
},
{
"name" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.c?r1=1.62.2.14.2.6&r2=1.62.2.14.2.7",
"refsource" : "MISC",
"url" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.c?r1=1.62.2.14.2.6&r2=1.62.2.14.2.7"
},
{
"name" : "http://cvs.php.net/viewvc.cgi/php-src/ext/curl/streams.c?r1=1.14.2.2.2.3&r2=1.14.2.2.2.4",
"refsource" : "MISC",
"url" : "http://cvs.php.net/viewvc.cgi/php-src/ext/curl/streams.c?r1=1.14.2.2.2.3&r2=1.14.2.2.2.4"
},
{
"name" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.c?view=log",
"refsource" : "CONFIRM",
"url" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.c?view=log"
},
{
"name" : "http://www.php.net/ChangeLog-5.php#5.1.5",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php#5.1.5"
},
{
"name" : "http://www.php.net/release_5_1_5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/release_5_1_5.php"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
},
{
"name" : "SUSE-SA:2006:052",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_52_php.html"
},
{
"name" : "19582",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19582"
},
{
"name" : "ADV-2006-3318",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3318"
},
{
"name" : "1016984",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016984"
},
{
"name" : "21546",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21546"
},
{
"name" : "22039",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22039"
},
{
"name" : "30411",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30411"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016984",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016984"
},
{
"name": "http://www.php.net/release_5_1_5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/release_5_1_5.php"
},
{
"name": "22039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22039"
},
{
"name": "http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.c?r1=1.62.2.14.2.6&r2=1.62.2.14.2.7",
"refsource": "MISC",
"url": "http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.c?r1=1.62.2.14.2.6&r2=1.62.2.14.2.7"
},
{
"name": "http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.c?view=log",
"refsource": "CONFIRM",
"url": "http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.c?view=log"
},
{
"name": "19582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19582"
},
{
"name": "20080527 rPSA-2008-0178-1 php php-mysql php-pgsql",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
},
{
"name": "30411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30411"
},
{
"name": "21546",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21546"
},
{
"name": "ADV-2006-3318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3318"
},
{
"name": "http://cvs.php.net/viewvc.cgi/php-src/ext/curl/streams.c?r1=1.14.2.2.2.3&r2=1.14.2.2.2.4",
"refsource": "MISC",
"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/curl/streams.c?r1=1.14.2.2.2.3&r2=1.14.2.2.2.4"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
},
{
"name": "http://www.php.net/ChangeLog-5.php#5.1.5",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php#5.1.5"
},
{
"name": "SUSE-SA:2006:052",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_52_php.html"
}
]
}
}

130
2006/4xxx/CVE-2006-4865.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive information via a direct request to cfgphpquiz/install.php and other unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060915 phpQuiz sensitive file (install.php)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446112/100/0/threaded"
},
{
"name" : "1604",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1604"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive information via a direct request to cfgphpquiz/install.php and other unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1604",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1604"
},
{
"name": "20060915 phpQuiz sensitive file (install.php)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446112/100/0/threaded"
}
]
}
}

200
2006/5xxx/CVE-2006-5273.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5273",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution",
"refsource" : "ISS",
"url" : "http://www.iss.net/threats/269.html"
},
{
"name" : "http://www.nessus.org/plugins/index.php?view=single&id=25702",
"refsource" : "MISC",
"url" : "http://www.nessus.org/plugins/index.php?view=single&id=25702"
},
{
"name" : "https://knowledge.mcafee.com/article/763/613366_f.SAL_Public.html",
"refsource" : "CONFIRM",
"url" : "https://knowledge.mcafee.com/article/763/613366_f.SAL_Public.html"
},
{
"name" : "24863",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24863"
},
{
"name" : "ADV-2007-2498",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2498"
},
{
"name" : "36100",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/36100"
},
{
"name" : "1018363",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018363"
},
{
"name" : "26029",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26029"
},
{
"name" : "security-management-bo(31164)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31164"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "security-management-bo(31164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31164"
},
{
"name": "ADV-2007-2498",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2498"
},
{
"name": "1018363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018363"
},
{
"name": "26029",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26029"
},
{
"name": "http://www.nessus.org/plugins/index.php?view=single&id=25702",
"refsource": "MISC",
"url": "http://www.nessus.org/plugins/index.php?view=single&id=25702"
},
{
"name": "36100",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/36100"
},
{
"name": "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution",
"refsource": "ISS",
"url": "http://www.iss.net/threats/269.html"
},
{
"name": "https://knowledge.mcafee.com/article/763/613366_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://knowledge.mcafee.com/article/763/613366_f.SAL_Public.html"
},
{
"name": "24863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24863"
}
]
}
}

200
2006/5xxx/CVE-2006-5373.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5373",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Install Base component in Oracle E-Business Suite 11.5.10CU1 has unknown impact and remote authenticated attack vectors, aka Vuln# APPS13."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name" : "TA06-291A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
},
{
"name" : "20588",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20588"
},
{
"name" : "ADV-2006-4065",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4065"
},
{
"name" : "1017077",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017077"
},
{
"name" : "22396",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22396"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Install Base component in Oracle E-Business Suite 11.5.10CU1 has unknown impact and remote authenticated attack vectors, aka Vuln# APPS13."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
},
{
"name": "20588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20588"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name": "ADV-2006-4065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4065"
},
{
"name": "22396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22396"
},
{
"name": "1017077",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017077"
},
{
"name": "TA06-291A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
}
]
}
}

330
2006/5xxx/CVE-2006-5857.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5857",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070110 Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/456491/100/0/threaded"
},
{
"name" : "20070109 Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0200.html"
},
{
"name" : "http://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt",
"refsource" : "MISC",
"url" : "http://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb07-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
},
{
"name" : "GLSA-200701-16",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200701-16.xml"
},
{
"name" : "RHSA-2007:0017",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2007-0017.html"
},
{
"name" : "RHSA-2007:0021",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0021.html"
},
{
"name" : "102847",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1"
},
{
"name" : "SUSE-SA:2007:011",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
},
{
"name" : "VU#698924",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/698924"
},
{
"name" : "21981",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21981"
},
{
"name" : "oval:org.mitre.oval:def:11698",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11698"
},
{
"name" : "ADV-2007-0115",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0115"
},
{
"name" : "ADV-2007-0957",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0957"
},
{
"name" : "31316",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/31316"
},
{
"name" : "1017491",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017491"
},
{
"name" : "23666",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23666"
},
{
"name" : "23691",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23691"
},
{
"name" : "23812",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23812"
},
{
"name" : "23877",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23877"
},
{
"name" : "23882",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23882"
},
{
"name" : "24533",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24533"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0115",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0115"
},
{
"name": "RHSA-2007:0021",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0021.html"
},
{
"name": "23691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23691"
},
{
"name": "21981",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21981"
},
{
"name": "RHSA-2007:0017",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2007-0017.html"
},
{
"name": "31316",
"refsource": "OSVDB",
"url": "http://osvdb.org/31316"
},
{
"name": "23882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23882"
},
{
"name": "20070110 Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456491/100/0/threaded"
},
{
"name": "23666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23666"
},
{
"name": "http://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt",
"refsource": "MISC",
"url": "http://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt"
},
{
"name": "SUSE-SA:2007:011",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
},
{
"name": "102847",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1"
},
{
"name": "ADV-2007-0957",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0957"
},
{
"name": "23812",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23812"
},
{
"name": "23877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23877"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb07-01.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
},
{
"name": "oval:org.mitre.oval:def:11698",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11698"
},
{
"name": "GLSA-200701-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
},
{
"name": "24533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24533"
},
{
"name": "1017491",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017491"
},
{
"name": "VU#698924",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/698924"
},
{
"name": "20070109 Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0200.html"
}
]
}
}

140
2010/0xxx/CVE-2010-0601.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0601",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MGCP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsl39126."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100512 Multiple Vulnerabilities in Cisco PGW Softswitch",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml"
},
{
"name" : "40117",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40117"
},
{
"name" : "64680",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64680"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MGCP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsl39126."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64680",
"refsource": "OSVDB",
"url": "http://osvdb.org/64680"
},
{
"name": "40117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40117"
},
{
"name": "20100512 Multiple Vulnerabilities in Cisco PGW Softswitch",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml"
}
]
}
}

34
2010/0xxx/CVE-2010-0627.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0627",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0627",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2010/0xxx/CVE-2010-0780.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0780",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014224",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014224"
},
{
"name" : "IZ75124",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IZ75124"
},
{
"name" : "wmq-diskspace-dos(60638)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60638"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014224",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014224"
},
{
"name": "wmq-diskspace-dos(60638)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60638"
},
{
"name": "IZ75124",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IZ75124"
}
]
}
}

150
2010/2xxx/CVE-2010-2141.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2141",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12735",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12735"
},
{
"name" : "http://packetstormsecurity.org/1005-exploits/nitro-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1005-exploits/nitro-sql.txt"
},
{
"name" : "40350",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40350"
},
{
"name" : "nitro-index-sql-injection(58877)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58877"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40350"
},
{
"name": "12735",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12735"
},
{
"name": "nitro-index-sql-injection(58877)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58877"
},
{
"name": "http://packetstormsecurity.org/1005-exploits/nitro-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1005-exploits/nitro-sql.txt"
}
]
}
}

230
2010/2xxx/CVE-2010-2274.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2274",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/",
"refsource" : "CONFIRM",
"url" : "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21431472",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
},
{
"name" : "LO50833",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
},
{
"name" : "LO50849",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
},
{
"name" : "LO50856",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
},
{
"name" : "LO50896",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
},
{
"name" : "LO50932",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
},
{
"name" : "LO50958",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
},
{
"name" : "LO50994",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
},
{
"name" : "38964",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38964"
},
{
"name" : "40007",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40007"
},
{
"name" : "ADV-2010-1281",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1281"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1281",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1281"
},
{
"name": "LO50849",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
},
{
"name": "LO50932",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
},
{
"name": "LO50994",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
},
{
"name": "LO50833",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
},
{
"name": "38964",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38964"
},
{
"name": "LO50958",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
},
{
"name": "LO50856",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
},
{
"name": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/",
"refsource": "CONFIRM",
"url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
},
{
"name": "LO50896",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
},
{
"name": "40007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40007"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
}
]
}
}

140
2010/2xxx/CVE-2010-2558.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2558",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka \"Race Condition Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-2558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-053",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053"
},
{
"name" : "TA10-222A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name" : "oval:org.mitre.oval:def:11853",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11853"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka \"Race Condition Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11853",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11853"
},
{
"name": "TA10-222A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "MS10-053",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053"
}
]
}
}

130
2010/2xxx/CVE-2010-2728.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2728",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka \"Heap Based Buffer Overflow in Outlook Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-2728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-064",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-064"
},
{
"name" : "oval:org.mitre.oval:def:7125",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7125"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka \"Heap Based Buffer Overflow in Outlook Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7125",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7125"
},
{
"name": "MS10-064",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-064"
}
]
}
}

130
2010/3xxx/CVE-2010-3033.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3033",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-3033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=21290",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=21290"
},
{
"name" : "20100908 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b466e9.shtml"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100908 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b466e9.shtml"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21290",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21290"
}
]
}
}

170
2010/3xxx/CVE-2010-3083.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3083",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101007 qpidd SSL connection DoS (CVE-2010-3083)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/10/08/1"
},
{
"name" : "http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=632657",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=632657"
},
{
"name" : "RHSA-2010:0756",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0756.html"
},
{
"name" : "RHSA-2010:0757",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0757.html"
},
{
"name" : "41710",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41710"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0756",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0756.html"
},
{
"name": "[oss-security] 20101007 qpidd SSL connection DoS (CVE-2010-3083)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/10/08/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=632657",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=632657"
},
{
"name": "http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch"
},
{
"name": "41710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41710"
},
{
"name": "RHSA-2010:0757",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0757.html"
}
]
}
}

160
2010/3xxx/CVE-2010-3792.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3792",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-3792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4435",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4435"
},
{
"name" : "http://support.apple.com/kb/HT4447",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4447"
},
{
"name" : "APPLE-SA-2010-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name" : "APPLE-SA-2010-12-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html"
},
{
"name" : "1024729",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024729"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "1024729",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024729"
},
{
"name": "APPLE-SA-2010-12-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4447",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4447"
}
]
}
}

120
2010/4xxx/CVE-2010-4312.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4312",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101122 [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514866/100/0/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20101122 [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514866/100/0/threaded"
}
]
}
}

140
2010/4xxx/CVE-2010-4519.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4519",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101216 CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/12/16/7"
},
{
"name" : "[oss-security] 20101221 Re: CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/12/22/1"
},
{
"name" : "http://drupal.org/node/829840",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/829840"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/829840",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/829840"
},
{
"name": "[oss-security] 20101216 CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/12/16/7"
},
{
"name": "[oss-security] 20101221 Re: CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/12/22/1"
}
]
}
}

34
2010/4xxx/CVE-2010-4571.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4571",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4571",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2011/5xxx/CVE-2011-5175.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5175",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/115772/Banana-Dance-CMS-B.2.1-XSS-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/115772/Banana-Dance-CMS-B.2.1-XSS-SQL-Injection.html"
},
{
"name" : "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme",
"refsource" : "MISC",
"url" : "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
},
{
"name" : "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit",
"refsource" : "CONFIRM",
"url" : "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme",
"refsource": "MISC",
"url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
},
{
"name": "http://packetstormsecurity.org/files/115772/Banana-Dance-CMS-B.2.1-XSS-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/115772/Banana-Dance-CMS-B.2.1-XSS-SQL-Injection.html"
},
{
"name": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit",
"refsource": "CONFIRM",
"url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
}
]
}
}

160
2011/5xxx/CVE-2011-5212.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5212",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17390",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17390"
},
{
"name" : "http://epsilonlambda.wordpress.com/2011/06/11/subrion-cms-multiple-vulnerabilities/",
"refsource" : "MISC",
"url" : "http://epsilonlambda.wordpress.com/2011/06/11/subrion-cms-multiple-vulnerabilities/"
},
{
"name" : "48224",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48224"
},
{
"name" : "72890",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/72890"
},
{
"name" : "44917",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44917"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72890",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/72890"
},
{
"name": "17390",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17390"
},
{
"name": "44917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44917"
},
{
"name": "48224",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48224"
},
{
"name": "http://epsilonlambda.wordpress.com/2011/06/11/subrion-cms-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "http://epsilonlambda.wordpress.com/2011/06/11/subrion-cms-multiple-vulnerabilities/"
}
]
}
}

210
2014/3xxx/CVE-2014-3094.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3094",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681631",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681631"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683296",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683296"
},
{
"name" : "IT02291",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02291"
},
{
"name" : "IT02592",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02592"
},
{
"name" : "IT02593",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02593"
},
{
"name" : "IT02594",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02594"
},
{
"name" : "69550",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69550"
},
{
"name" : "60845",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60845"
},
{
"name" : "58616",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58616"
},
{
"name" : "ibm-db2-cve20143094-bo(94260)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94260"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683296",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683296"
},
{
"name": "ibm-db2-cve20143094-bo(94260)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94260"
},
{
"name": "IT02593",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02593"
},
{
"name": "58616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58616"
},
{
"name": "IT02291",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02291"
},
{
"name": "69550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69550"
},
{
"name": "IT02594",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02594"
},
{
"name": "IT02592",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02592"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681631",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681631"
},
{
"name": "60845",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60845"
}
]
}
}

150
2014/3xxx/CVE-2014-3310.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3310",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140709 Cisco WebEx Meetings Client Arbitrary File Download Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3310"
},
{
"name" : "68503",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68503"
},
{
"name" : "1030551",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030551"
},
{
"name" : "cisco-webex-cve20143310-info-disc(94431)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94431"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140709 Cisco WebEx Meetings Client Arbitrary File Download Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3310"
},
{
"name": "1030551",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030551"
},
{
"name": "68503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68503"
},
{
"name": "cisco-webex-cve20143310-info-disc(94431)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94431"
}
]
}
}

34
2014/3xxx/CVE-2014-3700.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3700",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3700",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/4xxx/CVE-2014-4169.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4169",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4169",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/4xxx/CVE-2014-4176.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4176",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4176",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/4xxx/CVE-2014-4559.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4559",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4559",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2014/8xxx/CVE-2014-8590.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8590",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource" : "MISC",
"url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
},
{
"name" : "https://erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe/",
"refsource" : "MISC",
"url" : "https://erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe/"
},
{
"name" : "https://service.sap.com/sap/support/notes/2045176",
"refsource" : "MISC",
"url" : "https://service.sap.com/sap/support/notes/2045176"
},
{
"name" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/",
"refsource" : "MISC",
"url" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/"
},
{
"name" : "71023",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71023"
},
{
"name" : "sap-netweaver-cve20148590-info-disc(98581)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98581"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sap-netweaver-cve20148590-info-disc(98581)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98581"
},
{
"name": "https://service.sap.com/sap/support/notes/2045176",
"refsource": "MISC",
"url": "https://service.sap.com/sap/support/notes/2045176"
},
{
"name": "71023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71023"
},
{
"name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/",
"refsource": "MISC",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/"
},
{
"name": "https://erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe/"
},
{
"name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource": "MISC",
"url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
}
]
}
}

34
2014/9xxx/CVE-2014-9040.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9040",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9040",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/9xxx/CVE-2014-9297.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9297",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-9297",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

120
2014/9xxx/CVE-2014-9391.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9391",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the gSlideShow plugin 0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) rss, (2) display_time or (3) transistion_time parameter in the gslideshow.php page to wp-admin/options-general.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/129637/WordPress-gSlideShow-0.1-CSRF-XSS.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129637/WordPress-gSlideShow-0.1-CSRF-XSS.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the gSlideShow plugin 0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) rss, (2) display_time or (3) transistion_time parameter in the gslideshow.php page to wp-admin/options-general.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129637/WordPress-gSlideShow-0.1-CSRF-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129637/WordPress-gSlideShow-0.1-CSRF-XSS.html"
}
]
}
}

130
2016/2xxx/CVE-2016-2079.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2016-0007.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2016-0007.html"
},
{
"name" : "1036077",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036077"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0007.html"
},
{
"name": "1036077",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036077"
}
]
}
}

34
2016/2xxx/CVE-2016-2738.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2738",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2738",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

530
2016/3xxx/CVE-2016-3427.json
View File

@ -1,267 +1,267 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3427",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10159",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10159"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20160420-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20160420-0001/"
},
{
"name" : "DSA-3558",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3558"
},
{
"name" : "GLSA-201606-18",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201606-18"
},
{
"name" : "RHSA-2016:0701",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
},
{
"name" : "RHSA-2016:0702",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
},
{
"name" : "RHSA-2016:0708",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
},
{
"name" : "RHSA-2016:0716",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
},
{
"name" : "RHSA-2016:0723",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
},
{
"name" : "RHSA-2016:1430",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"name" : "RHSA-2016:1039",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
},
{
"name" : "RHSA-2016:0650",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
},
{
"name" : "RHSA-2016:0651",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
},
{
"name" : "RHSA-2016:0675",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
},
{
"name" : "RHSA-2016:0676",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
},
{
"name" : "RHSA-2016:0677",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
},
{
"name" : "RHSA-2016:0678",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
},
{
"name" : "RHSA-2016:0679",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
},
{
"name" : "RHSA-2017:1216",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"name" : "SUSE-SU-2016:1299",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
},
{
"name" : "SUSE-SU-2016:1300",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
},
{
"name" : "SUSE-SU-2016:1303",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
},
{
"name" : "SUSE-SU-2016:1378",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
},
{
"name" : "SUSE-SU-2016:1379",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
},
{
"name" : "SUSE-SU-2016:1388",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
},
{
"name" : "SUSE-SU-2016:1458",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
},
{
"name" : "SUSE-SU-2016:1475",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
},
{
"name" : "openSUSE-SU-2016:1222",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
},
{
"name" : "openSUSE-SU-2016:1230",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
},
{
"name" : "openSUSE-SU-2016:1235",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
},
{
"name" : "SUSE-SU-2016:1248",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
},
{
"name" : "SUSE-SU-2016:1250",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
},
{
"name" : "openSUSE-SU-2016:1262",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
},
{
"name" : "openSUSE-SU-2016:1265",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
},
{
"name" : "USN-2963-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2963-1"
},
{
"name" : "USN-2964-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2964-1"
},
{
"name" : "USN-2972-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2972-1"
},
{
"name" : "86421",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/86421"
},
{
"name" : "1035596",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035596"
},
{
"name" : "1037331",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037331"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1222",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
},
{
"name": "RHSA-2016:0677",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
},
{
"name": "SUSE-SU-2016:1299",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
},
{
"name": "RHSA-2016:1039",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
},
{
"name": "RHSA-2016:0701",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
},
{
"name": "USN-2972-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2972-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1303",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
},
{
"name": "1037331",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037331"
},
{
"name": "SUSE-SU-2016:1475",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
},
{
"name": "openSUSE-SU-2016:1235",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
},
{
"name": "openSUSE-SU-2016:1262",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
},
{
"name": "SUSE-SU-2016:1300",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
},
{
"name": "RHSA-2016:0676",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
},
{
"name": "RHSA-2016:1430",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"name": "https://security.netapp.com/advisory/ntap-20160420-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
},
{
"name": "RHSA-2016:0708",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
},
{
"name": "RHSA-2016:0723",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
},
{
"name": "RHSA-2016:0651",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
},
{
"name": "SUSE-SU-2016:1378",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
},
{
"name": "SUSE-SU-2016:1248",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
},
{
"name": "SUSE-SU-2016:1379",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10159",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10159"
},
{
"name": "USN-2964-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2964-1"
},
{
"name": "openSUSE-SU-2016:1230",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
},
{
"name": "SUSE-SU-2016:1458",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
},
{
"name": "GLSA-201606-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-18"
},
{
"name": "RHSA-2016:0716",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
},
{
"name": "1035596",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035596"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "openSUSE-SU-2016:1265",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
},
{
"name": "USN-2963-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2963-1"
},
{
"name": "RHSA-2016:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
},
{
"name": "SUSE-SU-2016:1250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
},
{
"name": "SUSE-SU-2016:1388",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
},
{
"name": "RHSA-2016:0702",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
},
{
"name": "RHSA-2016:0679",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
},
{
"name": "RHSA-2017:1216",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"name": "DSA-3558",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3558"
},
{
"name": "RHSA-2016:0678",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
},
{
"name": "86421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/86421"
},
{
"name": "RHSA-2016:0650",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
}
]
}
}

150
2016/3xxx/CVE-2016-3543.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3543",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "91841",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91841"
},
{
"name" : "1036403",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036403"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91841"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "1036403",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036403"
}
]
}
}

170
2016/6xxx/CVE-2016-6793.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6793",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.7 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a crafted serialized Java object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20161231 Fwd: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/539975/100/0/threaded"
},
{
"name" : "[oss-security] 20161231 Fwd: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/31/1"
},
{
"name" : "https://www.tenable.com/security/research/tra-2016-23",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2016-23"
},
{
"name" : "https://wicket.apache.org/news/2016/12/31/cve-2016-6793.html",
"refsource" : "CONFIRM",
"url" : "https://wicket.apache.org/news/2016/12/31/cve-2016-6793.html"
},
{
"name" : "95168",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95168"
},
{
"name" : "1037541",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037541"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.7 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a crafted serialized Java object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037541",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037541"
},
{
"name": "20161231 Fwd: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539975/100/0/threaded"
},
{
"name": "[oss-security] 20161231 Fwd: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/31/1"
},
{
"name": "https://wicket.apache.org/news/2016/12/31/cve-2016-6793.html",
"refsource": "CONFIRM",
"url": "https://wicket.apache.org/news/2016/12/31/cve-2016-6793.html"
},
{
"name": "95168",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95168"
},
{
"name": "https://www.tenable.com/security/research/tra-2016-23",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2016-23"
}
]
}
}

170
2016/7xxx/CVE-2016-7133.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7133",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160902 Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2016/09/02/9"
},
{
"name" : "http://www.php.net/ChangeLog-7.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-7.php"
},
{
"name" : "https://bugs.php.net/bug.php?id=72742",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=72742"
},
{
"name" : "https://github.com/php/php-src/commit/c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911?w=1",
"refsource" : "CONFIRM",
"url" : "https://github.com/php/php-src/commit/c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911?w=1"
},
{
"name" : "GLSA-201611-22",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-22"
},
{
"name" : "92765",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92765"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92765"
},
{
"name": "http://www.php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "GLSA-201611-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "https://github.com/php/php-src/commit/c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911?w=1",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911?w=1"
},
{
"name": "[oss-security] 20160902 Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2016/09/02/9"
},
{
"name": "https://bugs.php.net/bug.php?id=72742",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=72742"
}
]
}
}

140
2016/7xxx/CVE-2016-7218.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7218",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka \"Windows Bowser.sys Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-135",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-135"
},
{
"name" : "94004",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94004"
},
{
"name" : "1037251",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037251"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka \"Windows Bowser.sys Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94004"
},
{
"name": "1037251",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037251"
},
{
"name": "MS16-135",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-135"
}
]
}
}

150
2016/7xxx/CVE-2016-7226.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka \"VHD Driver Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40763",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40763/"
},
{
"name" : "MS16-138",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-138"
},
{
"name" : "94018",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94018"
},
{
"name" : "1037248",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037248"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka \"VHD Driver Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037248",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037248"
},
{
"name": "MS16-138",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-138"
},
{
"name": "94018",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94018"
},
{
"name": "40763",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40763/"
}
]
}
}

34
2016/7xxx/CVE-2016-7335.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7335",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7335",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/7xxx/CVE-2016-7751.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7751",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7751",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

180
2016/7xxx/CVE-2016-7859.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2016-7859",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use after free"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-7859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-602",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-602"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html"
},
{
"name" : "GLSA-201611-18",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-18"
},
{
"name" : "MS16-141",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141"
},
{
"name" : "RHSA-2016:2676",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2676.html"
},
{
"name" : "94153",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94153"
},
{
"name" : "1037240",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037240"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-141",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html"
},
{
"name": "94153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94153"
},
{
"name": "RHSA-2016:2676",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2676.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-602",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-602"
},
{
"name": "1037240",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037240"
},
{
"name": "GLSA-201611-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-18"
}
]
}
}