admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:01:19 +00:00
parent 2b9a6feca9
commit 44f6dc8b2d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3835 additions and 3835 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2006/1xxx/CVE-2006-1344.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1344", "ID": "CVE-2006-1344",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as used in Managed PKI (MPKI) 6.0, allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the VHTML_FILE parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060320 CORE-2006-0124: Cross-Site Scripting in Verisign?s haydn.exe CGI script", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/428267/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as used in Managed PKI (MPKI) 6.0, allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the VHTML_FILE parameter."
{ }
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=522&idxseccion=10", ]
"refsource" : "MISC", },
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=522&idxseccion=10" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17170", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17170" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-1084", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/1084" ]
}, },
{ "references": {
"name" : "1015813", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015813" "name": "17170",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17170"
"name" : "614", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/614" "name": "http://www.coresecurity.com/common/showdoc.php?idx=522&idxseccion=10",
}, "refsource": "MISC",
{ "url": "http://www.coresecurity.com/common/showdoc.php?idx=522&idxseccion=10"
"name" : "verisign-haydn-xss(25349)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25349" "name": "ADV-2006-1084",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/1084"
} },
} {
"name": "verisign-haydn-xss(25349)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25349"
},
{
"name": "614",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/614"
},
{
"name": "20060320 CORE-2006-0124: Cross-Site Scripting in Verisign?s haydn.exe CGI script",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428267/100/0/threaded"
},
{
"name": "1015813",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015813"
}
]
}
}

120
2006/5xxx/CVE-2006-5479.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5479", "ID": "CVE-2006-5479",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain \"NCP Fragment.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm" "lang": "eng",
} "value": "The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain \"NCP Fragment.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm"
}
]
}
}

140
2006/5xxx/CVE-2006-5522.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5522", "ID": "CVE-2006-5522",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2607", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2607" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php."
{ }
"name" : "20659", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20659" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "kawf-main-file-include(29709)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29709" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20659"
},
{
"name": "kawf-main-file-include(29709)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29709"
},
{
"name": "2607",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2607"
}
]
}
}

190
2006/5xxx/CVE-2006-5634.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5634", "ID": "CVE-2006-5634",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2688", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2688" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php."
{ }
"name" : "20819", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20819" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4274", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4274" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30136", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=30136" ]
}, },
{ "references": {
"name" : "30138", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/30138" "name": "30138",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/30138"
"name" : "30137", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/30137" "name": "20819",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/20819"
"name" : "22644", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22644" "name": "30137",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/30137"
"name" : "phpprofiles-reqpath-file-include(29900)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29900" "name": "ADV-2006-4274",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/4274"
} },
} {
"name": "2688",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2688"
},
{
"name": "phpprofiles-reqpath-file-include(29900)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29900"
},
{
"name": "22644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22644"
},
{
"name": "30136",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=30136"
}
]
}
}

160
2006/5xxx/CVE-2006-5852.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5852", "ID": "CVE-2006-5852",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081108 [Full-disclosure] OpenBase SQL multiple vulnerabilities Part Deux", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=116296717330758&w=2" "lang": "eng",
}, "value": "Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327."
{ }
"name" : "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt", ]
"refsource" : "MISC", },
"url" : "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2738", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2738" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-4404", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/4404" ]
}, },
{ "references": {
"name" : "22742", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22742" "name": "22742",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/22742"
} },
} {
"name": "ADV-2006-4404",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4404"
},
{
"name": "2738",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2738"
},
{
"name": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt"
},
{
"name": "20081108 [Full-disclosure] OpenBase SQL multiple vulnerabilities Part Deux",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=116296717330758&w=2"
}
]
}
}

130
2006/5xxx/CVE-2006-5904.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5904", "ID": "CVE-2006-5904",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[MWCHAT_Libs] parameter to (1) about.php, (2) buddy.php, (3) chat.php, (4) dialog.php, (5) head.php, (6) help.php, (7) index.php, and (8) license.php, different vectors than CVE-2005-1869."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061103 MWChat pro V 7.0 <= (CONFIG[MWCHAT_Libs]) Remote File Include Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/450693/100/0/threaded" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[MWCHAT_Libs] parameter to (1) about.php, (2) buddy.php, (3) chat.php, (4) dialog.php, (5) head.php, (6) help.php, (7) index.php, and (8) license.php, different vectors than CVE-2005-1869."
{ }
"name" : "1849", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/1849" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061103 MWChat pro V 7.0 <= (CONFIG[MWCHAT_Libs]) Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450693/100/0/threaded"
},
{
"name": "1849",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1849"
}
]
}
}

240
2007/2xxx/CVE-2007-2026.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2026", "ID": "CVE-2007-2026",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070524 FLEA-2007-0022-1: file", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/469520/30/6420/threaded" "lang": "eng",
}, "value": "The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS."
{ }
"name" : "http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40foxx.lsit.ucsb.edu&forum_name=amavis-user", ]
"refsource" : "MISC", },
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40foxx.lsit.ucsb.edu&forum_name=amavis-user" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=174217", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=174217" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://issues.rpath.com/browse/RPL-1311", ]
"refsource" : "CONFIRM", }
"url" : "https://issues.rpath.com/browse/RPL-1311" ]
}, },
{ "references": {
"name" : "http://www.amavis.org/security/asa-2007-3.txt", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.amavis.org/security/asa-2007-3.txt" "name": "https://bugs.gentoo.org/show_bug.cgi?id=174217",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.gentoo.org/show_bug.cgi?id=174217"
"name" : "GLSA-200704-13", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200704-13.xml" "name": "24918",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/24918"
"name" : "MDKSA-2007:114", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114" "name": "GLSA-200704-13",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200704-13.xml"
"name" : "24146", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24146" "name": "http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40foxx.lsit.ucsb.edu&forum_name=amavis-user",
}, "refsource": "MISC",
{ "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40foxx.lsit.ucsb.edu&forum_name=amavis-user"
"name" : "ADV-2007-2071", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2071" "name": "https://issues.rpath.com/browse/RPL-1311",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-1311"
"name" : "24918", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24918" "name": "http://www.amavis.org/security/asa-2007-3.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.amavis.org/security/asa-2007-3.txt"
"name" : "25394", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25394" "name": "25544",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25544"
"name" : "25544", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25544" "name": "MDKSA-2007:114",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
"name" : "25578", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25578" "name": "25578",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/25578"
} },
} {
"name": "20070524 FLEA-2007-0022-1: file",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
},
{
"name": "ADV-2007-2071",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2071"
},
{
"name": "25394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25394"
},
{
"name": "24146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24146"
}
]
}
}

160
2007/2xxx/CVE-2007-2091.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2091", "ID": "CVE-2007-2091",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_block2.php in tsdisplay4xoops (TSD4XOOPS, aka the TeamSpeak display module) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the xoops_url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "3750", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/3750" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_block2.php in tsdisplay4xoops (TSD4XOOPS, aka the TeamSpeak display module) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the xoops_url parameter."
{ }
"name" : "23518", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/23518" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-1424", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1424" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "37413", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/37413" ]
}, },
{ "references": {
"name" : "xoops-tsdisplay4xoopsblock2-file-include(33695)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33695" "name": "23518",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/23518"
} },
} {
"name": "3750",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3750"
},
{
"name": "37413",
"refsource": "OSVDB",
"url": "http://osvdb.org/37413"
},
{
"name": "xoops-tsdisplay4xoopsblock2-file-include(33695)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33695"
},
{
"name": "ADV-2007-1424",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1424"
}
]
}
}

270
2007/2xxx/CVE-2007-2683.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2683", "ID": "CVE-2007-2683",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via \"&\" characters in the GECOS field, which triggers the overflow during alias expansion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://dev.mutt.org/trac/ticket/2885", "description_data": [
"refsource" : "MISC", {
"url" : "http://dev.mutt.org/trac/ticket/2885" "lang": "eng",
}, "value": "Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via \"&\" characters in the GECOS field, which triggers the overflow during alias expansion."
{ }
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://issues.rpath.com/browse/RPL-1391", "description": [
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-1391" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2007:113", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113" ]
}, },
{ "references": {
"name" : "RHSA-2007:0386", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0386.html" "name": "25529",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25529"
"name" : "2007-0024", },
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.org/errata/2007/0024/" "name": "1018066",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018066"
"name" : "24192", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24192" "name": "2007-0024",
}, "refsource": "TRUSTIX",
{ "url": "http://www.trustix.org/errata/2007/0024/"
"name" : "34973", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/34973" "name": "26415",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26415"
"name" : "oval:org.mitre.oval:def:10543", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543" "name": "http://dev.mutt.org/trac/ticket/2885",
}, "refsource": "MISC",
{ "url": "http://dev.mutt.org/trac/ticket/2885"
"name" : "1018066", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018066" "name": "25408",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25408"
"name" : "25408", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25408" "name": "34973",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/34973"
"name" : "25529", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25529" "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890"
"name" : "25515", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25515" "name": "oval:org.mitre.oval:def:10543",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543"
"name" : "25546", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25546" "name": "25546",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25546"
"name" : "26415", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26415" "name": "25515",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25515"
"name" : "mutt-gecos-bo(34441)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34441" "name": "mutt-gecos-bo(34441)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34441"
} },
} {
"name": "MDKSA-2007:113",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113"
},
{
"name": "RHSA-2007:0386",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html"
},
{
"name": "24192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24192"
},
{
"name": "https://issues.rpath.com/browse/RPL-1391",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1391"
}
]
}
}

150
2007/2xxx/CVE-2007-2819.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2819", "ID": "CVE-2007-2819",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels-team.blogspot.com/2007/05/track-xss-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels-team.blogspot.com/2007/05/track-xss-vuln.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter."
{ }
"name" : "24060", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24060" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37525", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37525" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "track+-reportitem-xss(34391)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34391" ]
} },
] "references": {
} "reference_data": [
} {
"name": "track+-reportitem-xss(34391)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34391"
},
{
"name": "http://pridels-team.blogspot.com/2007/05/track-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels-team.blogspot.com/2007/05/track-xss-vuln.html"
},
{
"name": "37525",
"refsource": "OSVDB",
"url": "http://osvdb.org/37525"
},
{
"name": "24060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24060"
}
]
}
}

200
2007/3xxx/CVE-2007-3028.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2007-3028", "ID": "CVE-2007-3028",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check \"the number of convertible attributes\", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to \"client sent LDAP request logic,\" aka \"Windows Active Directory Denial of Service Vulnerability\". NOTE: this is probably a different issue than CVE-2007-0040."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "SSRT071446", "description_data": [
"refsource" : "HP", {
"url" : "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html" "lang": "eng",
}, "value": "The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check \"the number of convertible attributes\", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to \"client sent LDAP request logic,\" aka \"Windows Active Directory Denial of Service Vulnerability\". NOTE: this is probably a different issue than CVE-2007-0040."
{ }
"name" : "MS07-039", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-039" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA07-191A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-191A.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#348953", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/348953" ]
}, },
{ "references": {
"name" : "24796", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24796" "name": "SSRT071446",
}, "refsource": "HP",
{ "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
"name" : "ADV-2007-2481", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2481" "name": "24796",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/24796"
"name" : "oval:org.mitre.oval:def:1856", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1856" "name": "1018355",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018355"
"name" : "1018355", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018355" "name": "26002",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26002"
"name" : "26002", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26002" "name": "ADV-2007-2481",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2007/2481"
} },
} {
"name": "TA07-191A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
},
{
"name": "VU#348953",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/348953"
},
{
"name": "MS07-039",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-039"
},
{
"name": "oval:org.mitre.oval:def:1856",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1856"
}
]
}
}

150
2007/3xxx/CVE-2007-3054.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3054", "ID": "CVE-2007-3054",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "24296", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24296" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "36412", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/36412" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "25517", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25517" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "linker-index-search-xss(34695)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34695" ]
} },
] "references": {
} "reference_data": [
} {
"name": "36412",
"refsource": "OSVDB",
"url": "http://osvdb.org/36412"
},
{
"name": "linker-index-search-xss(34695)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34695"
},
{
"name": "24296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24296"
},
{
"name": "25517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25517"
}
]
}
}

220
2007/6xxx/CVE-2007-6204.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6204", "ID": "CVE-2007-6204",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20071206 ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/484704/100/0/threaded" "lang": "eng",
}, "value": "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe."
{ }
"name" : "4724", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/4724" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-071.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-071.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBMA02281", ]
"refsource" : "HP", }
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01188923" ]
}, },
{ "references": {
"name" : "SSRT061261", "reference_data": [
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01188923" "name": "26741",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/26741"
"name" : "26741", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/26741" "name": "ADV-2007-4111",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/4111"
"name" : "ADV-2007-4111", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/4111" "name": "27964",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27964"
"name" : "1019055", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019055" "name": "HPSBMA02281",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01188923"
"name" : "27964", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27964" "name": "4724",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/4724"
"name" : "3441", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3441" "name": "3441",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/3441"
"name" : "hpopenview-nnm-unspecified-code-execution(38892)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38892" "name": "SSRT061261",
} "refsource": "HP",
] "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01188923"
} },
} {
"name": "1019055",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019055"
},
{
"name": "hpopenview-nnm-unspecified-code-execution(38892)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38892"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-071.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-071.html"
},
{
"name": "20071206 ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484704/100/0/threaded"
}
]
}
}

150
2007/6xxx/CVE-2007-6324.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6324", "ID": "CVE-2007-6324",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4726", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4726" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter."
{ }
"name" : "26848", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/26848" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28058", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28058" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "citywriter-head-file-include(39012)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39012" ]
} },
] "references": {
} "reference_data": [
} {
"name": "4726",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4726"
},
{
"name": "citywriter-head-file-include(39012)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39012"
},
{
"name": "28058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28058"
},
{
"name": "26848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26848"
}
]
}
}

300
2010/0xxx/CVE-2010-0211.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2010-0211", "ID": "CVE-2010-0211",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/515545/100/0/threaded" "lang": "eng",
}, "value": "The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite."
{ }
"name" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570", ]
"refsource" : "CONFIRM", },
"url" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT4435", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4435" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0001.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0001.html" ]
}, },
{ "references": {
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" "name": "1024221",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024221"
"name" : "APPLE-SA-2010-11-10-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" "name": "http://support.apple.com/kb/HT4435",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4435"
"name" : "GLSA-201406-36", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201406-36.xml" "name": "GLSA-201406-36",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-36.xml"
"name" : "RHSA-2010:0542", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0542.html" "name": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570",
}, "refsource": "CONFIRM",
{ "url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570"
"name" : "RHSA-2010:0543", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0543.html" "name": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"
"name" : "SUSE-SR:2010:014", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" "name": "ADV-2010-1858",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1858"
"name" : "41770", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/41770" "name": "40677",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40677"
"name" : "1024221", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024221" "name": "APPLE-SA-2010-11-10-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
"name" : "40639", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40639" "name": "ADV-2010-1849",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1849"
"name" : "40677", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40677" "name": "41770",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/41770"
"name" : "40687", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40687" "name": "RHSA-2010:0542",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0542.html"
"name" : "42787", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42787" "name": "40687",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40687"
"name" : "ADV-2010-1849", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1849" "name": "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded"
"name" : "ADV-2010-1858", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1858" "name": "SUSE-SR:2010:014",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
"name" : "ADV-2011-0025", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0025" "name": "RHSA-2010:0543",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2010-0543.html"
} },
} {
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name": "40639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40639"
},
{
"name": "42787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42787"
},
{
"name": "ADV-2011-0025",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0025"
}
]
}
}

170
2010/0xxx/CVE-2010-0563.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0563", "ID": "CVE-2010-0563",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21417839", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21417839" "lang": "eng",
}, "value": "The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted."
{ }
"name" : "PM00610", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38122", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/38122" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "62140", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/62140" ]
}, },
{ "references": {
"name" : "1023551", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023551" "name": "1023551",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1023551"
"name" : "38425", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38425" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21417839",
} "refsource": "CONFIRM",
] "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21417839"
} },
} {
"name": "PM00610",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610"
},
{
"name": "38122",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38122"
},
{
"name": "38425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38425"
},
{
"name": "62140",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62140"
}
]
}
}

210
2010/0xxx/CVE-2010-0659.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0659", "ID": "CVE-2010-0659",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=28566", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=28566" "lang": "eng",
}, "value": "The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size."
{ }
"name" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://trac.webkit.org/changeset/52833", ]
"refsource" : "CONFIRM", }
"url" : "http://trac.webkit.org/changeset/52833" ]
}, },
{ "references": {
"name" : "https://bugs.webkit.org/show_bug.cgi?id=33231", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.webkit.org/show_bug.cgi?id=33231" "name": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html"
"name" : "SUSE-SR:2011:002", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" "name": "43068",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43068"
"name" : "oval:org.mitre.oval:def:14079", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14079" "name": "http://trac.webkit.org/changeset/52833",
}, "refsource": "CONFIRM",
{ "url": "http://trac.webkit.org/changeset/52833"
"name" : "1023506", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023506" "name": "ADV-2011-0212",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0212"
"name" : "43068", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43068" "name": "https://bugs.webkit.org/show_bug.cgi?id=33231",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.webkit.org/show_bug.cgi?id=33231"
"name" : "ADV-2011-0212", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0212" "name": "1023506",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1023506"
} },
} {
"name": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs",
"refsource": "CONFIRM",
"url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=28566",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=28566"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "oval:org.mitre.oval:def:14079",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14079"
}
]
}
}

140
2010/1xxx/CVE-2010-1096.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1096", "ID": "CVE-2010-1096",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFeed Dating Software allow remote attackers to execute arbitrary SQL commands via the (1) txtgender and (2) txtlookgender parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "62627", "description_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/62627" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFeed Dating Software allow remote attackers to execute arbitrary SQL commands via the (1) txtgender and (2) txtlookgender parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "38767", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/38767" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2010-0493", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0493" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "38767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38767"
},
{
"name": "ADV-2010-0493",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0493"
},
{
"name": "62627",
"refsource": "OSVDB",
"url": "http://osvdb.org/62627"
}
]
}
}

200
2010/1xxx/CVE-2010-1423.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1423", "ID": "CVE-2010-1423",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100409 Java Deployment Toolkit Performs Insufficient Validation of Parameters", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2010-April/074036.html" "lang": "eng",
}, "value": "Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information."
{ }
"name" : "http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1", ]
"refsource" : "MISC", },
"url" : "http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#886582", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/886582" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "63648", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/63648" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:14090", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14090" "name": "http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1",
}, "refsource": "MISC",
{ "url": "http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1"
"name" : "1023840", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1023840" "name": "1023840",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1023840"
"name" : "39260", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39260" "name": "63648",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/63648"
"name" : "ADV-2010-0853", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0853" "name": "20100409 Java Deployment Toolkit Performs Insufficient Validation of Parameters",
}, "refsource": "FULLDISC",
{ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2010-April/074036.html"
"name" : "jre-toolkit-command-execution(57615)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57615" "name": "39260",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/39260"
} },
} {
"name": "jre-toolkit-command-execution(57615)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57615"
},
{
"name": "VU#886582",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/886582"
},
{
"name": "oval:org.mitre.oval:def:14090",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14090"
},
{
"name": "ADV-2010-0853",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0853"
}
]
}
}

290
2010/1xxx/CVE-2010-1455.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-1455", "ID": "CVE-2010-1455",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100507 Re: CVE Assignment (wireshark)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/05/07/7" "lang": "eng",
}, "value": "The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file."
{ }
"name" : "http://www.wireshark.org/security/wnpa-sec-2010-03.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.wireshark.org/security/wnpa-sec-2010-03.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.wireshark.org/security/wnpa-sec-2010-04.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/security/wnpa-sec-2010-04.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4644", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4644" ]
}, },
{ "references": {
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4646", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4646" "name": "SUSE-SR:2011:001",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
"name" : "MDVSA-2010:099", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:099" "name": "43068",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43068"
"name" : "SUSE-SR:2011:001", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" "name": "39950",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/39950"
"name" : "SUSE-SR:2011:002", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" "name": "ADV-2011-0212",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0212"
"name" : "39950", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/39950" "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4646",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4646"
"name" : "64363", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/64363" "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4644",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4644"
"name" : "oval:org.mitre.oval:def:7331", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7331" "name": "39661",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39661"
"name" : "39661", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39661" "name": "http://www.wireshark.org/security/wnpa-sec-2010-03.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2010-03.html"
"name" : "42877", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42877" "name": "http://www.wireshark.org/security/wnpa-sec-2010-04.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2010-04.html"
"name" : "43068", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43068" "name": "ADV-2010-1081",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1081"
"name" : "ADV-2010-1081", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1081" "name": "MDVSA-2010:099",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:099"
"name" : "ADV-2011-0076", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0076" "name": "42877",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42877"
"name" : "ADV-2011-0212", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0212" "name": "SUSE-SR:2011:002",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
"name" : "wireshark-docsis-dos(58362)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58362" "name": "ADV-2011-0076",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2011/0076"
} },
} {
"name": "wireshark-docsis-dos(58362)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58362"
},
{
"name": "[oss-security] 20100507 Re: CVE Assignment (wireshark)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/05/07/7"
},
{
"name": "64363",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/64363"
},
{
"name": "oval:org.mitre.oval:def:7331",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7331"
}
]
}
}

34
2010/1xxx/CVE-2010-1699.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2010-1699", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2010-1699",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
} }
] ]
} }
} }

190
2010/4xxx/CVE-2010-4709.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4709", "ID": "CVE-2010-4709",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "16040", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/16040" "lang": "eng",
}, "value": "Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field."
{ }
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-02A.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-02A.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://automatedsolutions.com/pub/asmbtcpopc/readme.htm", "description": [
"refsource" : "CONFIRM", {
"url" : "http://automatedsolutions.com/pub/asmbtcpopc/readme.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#768840", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/768840" ]
}, },
{ "references": {
"name" : "45974", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45974" "name": "modbus-modbus-bo(64944)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64944"
"name" : "43029", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43029" "name": "45974",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/45974"
"name" : "ADV-2011-0209", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0209" "name": "VU#768840",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/768840"
"name" : "modbus-modbus-bo(64944)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64944" "name": "ADV-2011-0209",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2011/0209"
} },
} {
"name": "43029",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43029"
},
{
"name": "16040",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16040"
},
{
"name": "http://automatedsolutions.com/pub/asmbtcpopc/readme.htm",
"refsource": "CONFIRM",
"url": "http://automatedsolutions.com/pub/asmbtcpopc/readme.htm"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-02A.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-02A.pdf"
}
]
}
}

130
2010/5xxx/CVE-2010-5202.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-5202", "ID": "CVE-2010-5202",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic allows local users to gain privileges via a Trojan horse WNASPI32.DLL file in the current working directory, as demonstrated by a directory that contains a .mp3 file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.exploit-db.com/dll-hijacking-vulnerable-applications/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.exploit-db.com/dll-hijacking-vulnerable-applications/" "lang": "eng",
}, "value": "Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic allows local users to gain privileges via a Trojan horse WNASPI32.DLL file in the current working directory, as demonstrated by a directory that contains a .mp3 file. NOTE: some of these details are obtained from third party information."
{ }
"name" : "41308", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/41308" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.exploit-db.com/dll-hijacking-vulnerable-applications/",
"refsource": "MISC",
"url": "http://www.exploit-db.com/dll-hijacking-vulnerable-applications/"
},
{
"name": "41308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41308"
}
]
}
}

180
2010/5xxx/CVE-2010-5325.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-5325", "ID": "CVE-2010-5325",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160215 CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/02/15/1" "lang": "eng",
}, "value": "Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title."
{ }
"name" : "[oss-security] 20160215 Re: CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/02/15/7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.linuxfoundation.org/show_bug.cgi?id=515", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.linuxfoundation.org/show_bug.cgi?id=515" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1218297", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1218297" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1218297",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218297"
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
"name" : "RHSA-2016:0491", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0491.html" "name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog",
} "refsource": "CONFIRM",
] "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog"
} },
} {
"name": "https://bugs.linuxfoundation.org/show_bug.cgi?id=515",
"refsource": "CONFIRM",
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=515"
},
{
"name": "RHSA-2016:0491",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"name": "[oss-security] 20160215 CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/15/1"
},
{
"name": "[oss-security] 20160215 Re: CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/15/7"
}
]
}
}

120
2014/0xxx/CVE-2014-0327.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-0327", "ID": "CVE-2014-0327",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmware to TCP port 54321."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#578598", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/578598" "lang": "eng",
} "value": "The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmware to TCP port 54321."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#578598",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/578598"
}
]
}
}

34
2014/0xxx/CVE-2014-0717.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-0717", "ID": "CVE-2014-0717",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2014/0xxx/CVE-2014-0732.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-0732", "ID": "CVE-2014-0732",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32913", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32913" "lang": "eng",
}, "value": "The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495."
{ }
"name" : "20140218 Cisco Unified Communications Manager Real Time Monitoring Tool Information Disclosure Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0732" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32913",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32913"
},
{
"name": "20140218 Cisco Unified Communications Manager Real Time Monitoring Tool Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0732"
}
]
}
}

160
2014/10xxx/CVE-2014-10001.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-10001", "ID": "CVE-2014-10001",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "30911", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/30911" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller."
{ }
"name" : "http://packetstormsecurity.com/files/124755", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/124755" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "56377", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56377" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "appointmentscheduler-index-csrf(90420)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90420" ]
}, },
{ "references": {
"name" : "appointmentscheduler-index-xss(90419)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90419" "name": "30911",
} "refsource": "EXPLOIT-DB",
] "url": "http://www.exploit-db.com/exploits/30911"
} },
} {
"name": "appointmentscheduler-index-xss(90419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90419"
},
{
"name": "56377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56377"
},
{
"name": "http://packetstormsecurity.com/files/124755",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124755"
},
{
"name": "appointmentscheduler-index-csrf(90420)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90420"
}
]
}
}

160
2014/1xxx/CVE-2014-1476.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-1476", "ID": "CVE-2014-1476",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://drupal.org/SA-CORE-2014-001", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://drupal.org/SA-CORE-2014-001" "lang": "eng",
}, "value": "The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page."
{ }
"name" : "DSA-2847", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2014/dsa-2847" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDVSA-2014:031", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:031" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "64973", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/64973" ]
}, },
{ "references": {
"name" : "56260", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56260" "name": "DSA-2847",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2014/dsa-2847"
} },
} {
"name": "64973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64973"
},
{
"name": "https://drupal.org/SA-CORE-2014-001",
"refsource": "CONFIRM",
"url": "https://drupal.org/SA-CORE-2014-001"
},
{
"name": "56260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56260"
},
{
"name": "MDVSA-2014:031",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:031"
}
]
}
}

170
2014/1xxx/CVE-2014-1719.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2014-1719", "ID": "CVE-2014-1719",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=343661", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=343661" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://src.chromium.org/viewvc/chrome?revision=252010&view=revision", "description": [
"refsource" : "CONFIRM", {
"url" : "https://src.chromium.org/viewvc/chrome?revision=252010&view=revision" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2905", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2014/dsa-2905" ]
}, },
{ "references": {
"name" : "GLSA-201408-16", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml" "name": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html"
"name" : "openSUSE-SU-2014:0601", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html" "name": "openSUSE-SU-2014:0601",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html"
} },
} {
"name": "https://src.chromium.org/viewvc/chrome?revision=252010&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?revision=252010&view=revision"
},
{
"name": "GLSA-201408-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name": "DSA-2905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2905"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=343661",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=343661"
}
]
}
}

140
2014/1xxx/CVE-2014-1993.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2014-1993", "ID": "CVE-2014-1993",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cs.cybozu.co.jp/information/gr20140714up04.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://cs.cybozu.co.jp/information/gr20140714up04.php" "lang": "eng",
}, "value": "The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors."
{ }
"name" : "JVN#75990997", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN75990997/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2014-000077", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000077" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/gr20140714up04.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/gr20140714up04.php"
},
{
"name": "JVNDB-2014-000077",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000077"
},
{
"name": "JVN#75990997",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN75990997/index.html"
}
]
}
}

130
2014/4xxx/CVE-2014-4292.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-4292", "ID": "CVE-2014-4292",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477."
{ }
"name" : "70499", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/70499" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70499"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
}
]
}
}

34
2014/4xxx/CVE-2014-4951.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-4951", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-4951",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

120
2014/5xxx/CVE-2014-5090.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5090", "ID": "CVE-2014-5090",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html" "lang": "eng",
} "value": "admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
]
}
}

180
2014/5xxx/CVE-2014-5162.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5162", "ID": "CVE-2014-5162",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\\n' and '\\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.wireshark.org/security/wnpa-sec-2014-08.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/security/wnpa-sec-2014-08.html" "lang": "eng",
}, "value": "The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\\n' and '\\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet."
{ }
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=16f8ba1bed579344df373bf38fff552ab8baf380", ]
"refsource" : "CONFIRM", },
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=16f8ba1bed579344df373bf38fff552ab8baf380" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3002", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3002" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2014:1221", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2014:1038", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00025.html" "name": "openSUSE-SU-2014:1249",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html"
"name" : "openSUSE-SU-2014:1249", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html" "name": "SUSE-SU-2014:1221",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html"
"name" : "57593", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57593" "name": "DSA-3002",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2014/dsa-3002"
} },
} {
"name": "openSUSE-SU-2014:1038",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00025.html"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2014-08.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2014-08.html"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=16f8ba1bed579344df373bf38fff552ab8baf380",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=16f8ba1bed579344df373bf38fff552ab8baf380"
},
{
"name": "57593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57593"
}
]
}
}

140
2014/5xxx/CVE-2014-5712.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-5712", "ID": "CVE-2014-5712",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Turbo River Racing Free (aka com.tektite.androidgames.trrfree) application 1.07 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Turbo River Racing Free (aka com.tektite.androidgames.trrfree) application 1.07 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#382913", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/382913" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#382913",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/382913"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/5xxx/CVE-2014-5738.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-5738", "ID": "CVE-2014-5738",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Garfield's Defense (aka com.webprancer.google.garfieldDefense) application 1.5.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Garfield's Defense (aka com.webprancer.google.garfieldDefense) application 1.5.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#558385", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/558385" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#558385",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/558385"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2016/3xxx/CVE-2016-3042.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-3042", "ID": "CVE-2016-3042",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21986716", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21986716" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients."
{ }
"name" : "PI64790", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI64790" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "92985", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92985" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "PI64790",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI64790"
},
{
"name": "92985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92985"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21986716",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986716"
}
]
}
}

140
2016/3xxx/CVE-2016-3064.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-3064", "ID": "CVE-2016-3064",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://kb.netapp.com/support/index?page=content&id=9010099", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://kb.netapp.com/support/index?page=content&id=9010099" "lang": "eng",
}, "value": "NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20160830-0002/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20160830-0002/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "92686", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92686" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20160830-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20160830-0002/"
},
{
"name": "http://kb.netapp.com/support/index?page=content&id=9010099",
"refsource": "CONFIRM",
"url": "http://kb.netapp.com/support/index?page=content&id=9010099"
},
{
"name": "92686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92686"
}
]
}
}

34
2016/3xxx/CVE-2016-3133.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-3133", "ID": "CVE-2016-3133",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2016/3xxx/CVE-2016-3303.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-3303", "ID": "CVE-2016-3303",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka \"Windows Graphics Component RCE Vulnerability,\" a different vulnerability than CVE-2016-3304."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "40256", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/40256/" "lang": "eng",
}, "value": "The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka \"Windows Graphics Component RCE Vulnerability,\" a different vulnerability than CVE-2016-3304."
{ }
"name" : "MS16-097", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-097" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "92301", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92301" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1036564", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1036564" ]
} },
] "references": {
} "reference_data": [
} {
"name": "40256",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40256/"
},
{
"name": "92301",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92301"
},
{
"name": "MS16-097",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-097"
},
{
"name": "1036564",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036564"
}
]
}
}

180
2016/3xxx/CVE-2016-3679.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-3679", "ID": "CVE-2016-3679",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
{ }
"name" : "RHSA-2016:0525", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0525.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2016:1059", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2016:0929", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2016:0930", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html" "name": "RHSA-2016:0525",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-0525.html"
"name" : "USN-2955-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2955-1" "name": "openSUSE-SU-2016:0929",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html"
"name" : "1035423", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035423" "name": "openSUSE-SU-2016:1059",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html"
} },
} {
"name": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html"
},
{
"name": "1035423",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035423"
},
{
"name": "openSUSE-SU-2016:0930",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html"
},
{
"name": "USN-2955-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2955-1"
}
]
}
}

150
2016/7xxx/CVE-2016-7851.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2016-7851", "ID": "CVE-2016-7851",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Connect 9.5.6 and earlier versions", "product_name": "Adobe Connect 9.5.6 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Connect 9.5.6 and earlier versions" "version_value": "Adobe Connect 9.5.6 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "40742", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/40742/" "lang": "eng",
}, "value": "Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks."
{ }
"name" : "https://helpx.adobe.com/security/products/connect/apsb16-35.html", ]
"refsource" : "CONFIRM", },
"url" : "https://helpx.adobe.com/security/products/connect/apsb16-35.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94152", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94152" "lang": "eng",
}, "value": "Cross-site scripting"
{ }
"name" : "1037239", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037239" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1037239",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037239"
},
{
"name": "94152",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94152"
},
{
"name": "https://helpx.adobe.com/security/products/connect/apsb16-35.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/connect/apsb16-35.html"
},
{
"name": "40742",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40742/"
}
]
}
}

34
2016/8xxx/CVE-2016-8043.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8043", "ID": "CVE-2016-8043",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2016/8xxx/CVE-2016-8587.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8587", "ID": "CVE-2016-8587",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/142221/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-dlp_policy_upload.cgi-Remote-Code-Execution.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/142221/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-dlp_policy_upload.cgi-Remote-Code-Execution.html" "lang": "eng",
}, "value": "dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/."
{ }
"name" : "98508", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98508" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98508"
},
{
"name": "http://packetstormsecurity.com/files/142221/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-dlp_policy_upload.cgi-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/142221/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-dlp_policy_upload.cgi-Remote-Code-Execution.html"
}
]
}
}

122
2016/9xxx/CVE-2016-9045.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-07-19T00:00:00", "DATE_PUBLIC": "2017-07-19T00:00:00",
"ID" : "CVE-2016-9045", "ID": "CVE-2016-9045",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ProcessMaker Enterprise", "product_name": "ProcessMaker Enterprise",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "ProcessMaker Enterprise Core 3.0.1.7-community" "version_value": "ProcessMaker Enterprise Core 3.0.1.7-community"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ProcessMaker" "vendor_name": "ProcessMaker"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0314", "description_data": [
"refsource" : "MISC", {
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0314" "lang": "eng",
} "value": "A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0314",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0314"
}
]
}
}

140
2016/9xxx/CVE-2016-9288.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9288", "ID": "CVE-2016-9288",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter \"target\" of function \"DragnDropReRank\" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/exponentcms/exponent-cms/commit/2ddffb2e7eafe4830e3483a4b437873022c461ba", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/exponentcms/exponent-cms/commit/2ddffb2e7eafe4830e3483a4b437873022c461ba" "lang": "eng",
}, "value": "In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter \"target\" of function \"DragnDropReRank\" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1."
{ }
"name" : "94296", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94296" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037280", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037280" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1037280",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037280"
},
{
"name": "https://github.com/exponentcms/exponent-cms/commit/2ddffb2e7eafe4830e3483a4b437873022c461ba",
"refsource": "CONFIRM",
"url": "https://github.com/exponentcms/exponent-cms/commit/2ddffb2e7eafe4830e3483a4b437873022c461ba"
},
{
"name": "94296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94296"
}
]
}
}

216
2016/9xxx/CVE-2016-9700.json
View File

@ -1,110 +1,110 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-06-30T00:00:00", "DATE_PUBLIC": "2017-06-30T00:00:00",
"ID" : "CVE-2016-9700", "ID": "CVE-2016-9700",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rational Collaborative Lifecycle Management", "product_name": "Rational Collaborative Lifecycle Management",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.0" "version_value": "4.0"
}, },
{ {
"version_value" : "4.0.1" "version_value": "4.0.1"
}, },
{ {
"version_value" : "4.0.2" "version_value": "4.0.2"
}, },
{ {
"version_value" : "4.0.3" "version_value": "4.0.3"
}, },
{ {
"version_value" : "4.0.4" "version_value": "4.0.4"
}, },
{ {
"version_value" : "4.0.5" "version_value": "4.0.5"
}, },
{ {
"version_value" : "4.0.6" "version_value": "4.0.6"
}, },
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "4.0.7" "version_value": "4.0.7"
}, },
{ {
"version_value" : "5.0.1" "version_value": "5.0.1"
}, },
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.2" "version_value": "6.0.2"
}, },
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/119528", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/119528" "lang": "eng",
}, "value": "IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22005435", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22005435" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005435",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005435"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119528",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119528"
}
]
}
}

34
2016/9xxx/CVE-2016-9884.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-9884", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-9884",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

34
2016/9xxx/CVE-2016-9968.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9968", "ID": "CVE-2016-9968",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2004.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2004", "ID": "CVE-2019-2004",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2259.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2259", "ID": "CVE-2019-2259",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2343.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2343", "ID": "CVE-2019-2343",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2934.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2934", "ID": "CVE-2019-2934",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2937.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2937", "ID": "CVE-2019-2937",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/6xxx/CVE-2019-6949.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6949", "ID": "CVE-2019-6949",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }