admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:26:50 +00:00
parent 8ab6bbb094
commit 4824eb60af
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3939 additions and 3939 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

210
2006/0xxx/CVE-2006-0257.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0257", "ID": "CVE-2006-0257",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB02. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the CDC_ALLOCATE_LOCK function of the DBMS_CDC_UTILITY package."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB02. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the CDC_ALLOCATE_LOCK function of the DBMS_CDC_UTILITY package."
{ }
"name" : "VU#545804", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/545804" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16287", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16287" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0243", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0243" ]
}, },
{ "references": {
"name" : "ADV-2006-0323", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0323" "name": "oracle-january2006-update(24321)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
"name" : "22540", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22540" "name": "22540",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22540"
"name" : "1015499", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015499" "name": "18493",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18493"
"name" : "18493", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18493" "name": "ADV-2006-0323",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0323"
"name" : "18608", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18608" "name": "16287",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16287"
"name" : "oracle-january2006-update(24321)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" "name": "VU#545804",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/545804"
} },
} {
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}

190
2006/0xxx/CVE-2006-0348.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0348", "ID": "CVE-2006-0348",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://midas.psi.ch/elog/download/ChangeLog", "description_data": [
"refsource" : "MISC", {
"url" : "http://midas.psi.ch/elog/download/ChangeLog" "lang": "eng",
}, "value": "Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "DSA-967", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2006/dsa-967" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16315", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16315" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0262", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0262" ]
}, },
{ "references": {
"name" : "22646", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22646" "name": "22646",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22646"
"name" : "18533", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18533" "name": "16315",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16315"
"name" : "18783", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18783" "name": "18783",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18783"
"name" : "elog-elogd-format-string(24221)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24221" "name": "elog-elogd-format-string(24221)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24221"
} },
} {
"name": "ADV-2006-0262",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0262"
},
{
"name": "18533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18533"
},
{
"name": "DSA-967",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-967"
},
{
"name": "http://midas.psi.ch/elog/download/ChangeLog",
"refsource": "MISC",
"url": "http://midas.psi.ch/elog/download/ChangeLog"
}
]
}
}

170
2006/0xxx/CVE-2006-0968.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0968", "ID": "CVE-2006-0968",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ncprwsnt service in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to execute arbitrary code by modifying the connect.bat script, which is automatically executed by the service after a connection is established."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060301 NCP VPN/PKI Client - various Bugs", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/426480/100/0/threaded" "lang": "eng",
}, "value": "The ncprwsnt service in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to execute arbitrary code by modifying the connect.bat script, which is automatically executed by the service after a connection is established."
{ }
"name" : "20060301 NCP VPN/PKI Client - various Bugs", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16906", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16906" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19082", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/19082" ]
}, },
{ "references": {
"name" : "524", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/524" "name": "16906",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16906"
"name" : "ncp-connect-command-execution(25251)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25251" "name": "ncp-connect-command-execution(25251)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25251"
} },
} {
"name": "20060301 NCP VPN/PKI Client - various Bugs",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426480/100/0/threaded"
},
{
"name": "524",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/524"
},
{
"name": "19082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19082"
},
{
"name": "20060301 NCP VPN/PKI Client - various Bugs",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html"
}
]
}
}

180
2006/1xxx/CVE-2006-1402.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1402", "ID": "CVE-2006-1402",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to (1) cause a denial of service via a long nickname or teamname to the SV_SetupUserInfo function or (2) execute arbitrary code via a long string sent when joining a match or a long chat message to the SV_BroadcastPrintf function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aluigi.altervista.org/adv/csdoombof-adv.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://aluigi.altervista.org/adv/csdoombof-adv.txt" "lang": "eng",
}, "value": "Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to (1) cause a denial of service via a long nickname or teamname to the SV_SetupUserInfo function or (2) execute arbitrary code via a long string sent when joining a match or a long chat message to the SV_BroadcastPrintf function."
{ }
"name" : "http://voxelsoft.com/csdoom/", ]
"refsource" : "CONFIRM", },
"url" : "http://voxelsoft.com/csdoom/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17248", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17248" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-1105", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/1105" ]
}, },
{ "references": {
"name" : "19389", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19389" "name": "http://aluigi.altervista.org/adv/csdoombof-adv.txt",
}, "refsource": "MISC",
{ "url": "http://aluigi.altervista.org/adv/csdoombof-adv.txt"
"name" : "csdoom-sv-broadcastprintf-bo(25448)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25448" "name": "ADV-2006-1105",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1105"
"name" : "csdoom-sv-setupuserinfo-bo(25449)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25449" "name": "19389",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/19389"
} },
} {
"name": "csdoom-sv-setupuserinfo-bo(25449)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25449"
},
{
"name": "17248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17248"
},
{
"name": "csdoom-sv-broadcastprintf-bo(25448)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25448"
},
{
"name": "http://voxelsoft.com/csdoom/",
"refsource": "CONFIRM",
"url": "http://voxelsoft.com/csdoom/"
}
]
}
}

210
2006/1xxx/CVE-2006-1883.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1883", "ID": "CVE-2006-1883",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite and Applications 11.5.10CU1 has unknown impact and attack vectors, aka Vuln# APPS05."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite and Applications 11.5.10CU1 has unknown impact and attack vectors, aka Vuln# APPS05."
{ }
"name" : "HPSBMA02113", ]
"refsource" : "HP", },
"url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT061148", "description": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17590", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/17590" ]
}, },
{ "references": {
"name" : "ADV-2006-1397", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1397" "name": "19712",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19712"
"name" : "ADV-2006-1571", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1571" "name": "oracle-ebusiness-multiple-unspecifed(26058)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26058"
"name" : "1015961", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015961" "name": "19859",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19859"
"name" : "19712", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19712" "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html"
"name" : "19859", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19859" "name": "ADV-2006-1571",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1571"
"name" : "oracle-ebusiness-multiple-unspecifed(26058)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26058" "name": "17590",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/17590"
} },
} {
"name": "SSRT061148",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded"
},
{
"name": "ADV-2006-1397",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1397"
},
{
"name": "HPSBMA02113",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded"
},
{
"name": "1015961",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015961"
}
]
}
}

190
2006/5xxx/CVE-2006-5033.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5033", "ID": "CVE-2006-5033",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060911 vCAP calendar server Multiple vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0187.html" "lang": "eng",
}, "value": "Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding."
{ }
"name" : "http://www.morx.org/vcap.txt", ]
"refsource" : "MISC", },
"url" : "http://www.morx.org/vcap.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19959", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19959" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-3569", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/3569" ]
}, },
{ "references": {
"name" : "28807", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/28807" "name": "vcap-request-dos(28872)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28872"
"name" : "1016822", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016822" "name": "http://www.morx.org/vcap.txt",
}, "refsource": "MISC",
{ "url": "http://www.morx.org/vcap.txt"
"name" : "21862", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21862" "name": "21862",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21862"
"name" : "vcap-request-dos(28872)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28872" "name": "ADV-2006-3569",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/3569"
} },
} {
"name": "20060911 vCAP calendar server Multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0187.html"
},
{
"name": "1016822",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016822"
},
{
"name": "28807",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28807"
},
{
"name": "19959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19959"
}
]
}
}

190
2006/5xxx/CVE-2006-5132.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5132", "ID": "CVE-2006-5132",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 Final and earlier allow remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter to (1) agendaplace.php3, (2) agendaplace2.php3, (3) infoevent.php3, and (4) agenda2.php3, different vectors than CVE-2006-2009."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060515 tyree[at]users.sourceforge.net", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/433995" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 Final and earlier allow remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter to (1) agendaplace.php3, (2) agendaplace2.php3, (3) infoevent.php3, and (4) agenda2.php3, different vectors than CVE-2006-2009."
{ }
"name" : "http://osvdb.org/ref/29/2914x-phpmyagenda.txt", ]
"refsource" : "MISC", },
"url" : "http://osvdb.org/ref/29/2914x-phpmyagenda.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/forum/forum.php?forum_id=569237", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/forum/forum.php?forum_id=569237" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "29148", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/29148" ]
}, },
{ "references": {
"name" : "29149", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/29149" "name": "29151",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/29151"
"name" : "29150", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/29150" "name": "29150",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/29150"
"name" : "29151", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/29151" "name": "29149",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/29149"
"name" : "phpmyagenda-rootagenda-file-include(26062)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26062" "name": "phpmyagenda-rootagenda-file-include(26062)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26062"
} },
} {
"name": "http://osvdb.org/ref/29/2914x-phpmyagenda.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/29/2914x-phpmyagenda.txt"
},
{
"name": "20060515 tyree[at]users.sourceforge.net",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433995"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=569237",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=569237"
},
{
"name": "29148",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29148"
}
]
}
}

220
2006/5xxx/CVE-2006-5359.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5359", "ID": "CVE-2006-5359",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Oracle Reports Developer component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Oracle E-Business Suite and Applications 11.5.10CU2, have unknown impact and remote attack vectors, aka Vuln# (1) REP01 and (2) REP02. NOTE: as of 20061027, Oracle has not disputed reports from a reliable researcher that these issues are related to (a) showenv and (b) parsequery for REP01, and (c) cellwrapper and (d) delimiter for REP02."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061023 Various Cross-Site-Scripting Vulnerabilities in Oracle Reports", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/449503/100/0/threaded" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in Oracle Reports Developer component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Oracle E-Business Suite and Applications 11.5.10CU2, have unknown impact and remote attack vectors, aka Vuln# (1) REP01 and (2) REP02. NOTE: as of 20061027, Oracle has not disputed reports from a reliable researcher that these issues are related to (a) showenv and (b) parsequery for REP01, and (c) cellwrapper and (d) delimiter for REP02."
{ }
"name" : "http://www.red-database-security.com/advisory/oracle_reports_css.html", ]
"refsource" : "MISC", },
"url" : "http://www.red-database-security.com/advisory/oracle_reports_css.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" ]
}, },
{ "references": {
"name" : "HPSBMA02133", "reference_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
}, "refsource": "MISC",
{ "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
"name" : "SSRT061201", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" "name": "20588",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/20588"
"name" : "TA06-291A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" "name": "http://www.red-database-security.com/advisory/oracle_reports_css.html",
}, "refsource": "MISC",
{ "url": "http://www.red-database-security.com/advisory/oracle_reports_css.html"
"name" : "20588", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20588" "name": "HPSBMA02133",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
"name" : "ADV-2006-4065", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4065" "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html"
"name" : "1017077", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017077" "name": "20061023 Various Cross-Site-Scripting Vulnerabilities in Oracle Reports",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/449503/100/0/threaded"
"name" : "22396", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22396" "name": "SSRT061201",
} "refsource": "HP",
] "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
} },
} {
"name": "ADV-2006-4065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4065"
},
{
"name": "22396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22396"
},
{
"name": "1017077",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017077"
},
{
"name": "TA06-291A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
}
]
}
}

170
2006/5xxx/CVE-2006-5568.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5568", "ID": "CVE-2006-5568",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FtpXQ Server 3.0.1 allows remote attackers to cause a denial of service (CPU exhaustion) via a long MKD command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061025 FTPXQ Denial of service exploit.", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050335.html" "lang": "eng",
}, "value": "FtpXQ Server 3.0.1 allows remote attackers to cause a denial of service (CPU exhaustion) via a long MKD command."
{ }
"name" : "20721", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20721" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4192", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4192" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22540", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/22540" ]
}, },
{ "references": {
"name" : "1789", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1789" "name": "ftpxq-mkd-dos(29778)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29778"
"name" : "ftpxq-mkd-dos(29778)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29778" "name": "20061025 FTPXQ Denial of service exploit.",
} "refsource": "FULLDISC",
] "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050335.html"
} },
} {
"name": "1789",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1789"
},
{
"name": "ADV-2006-4192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4192"
},
{
"name": "22540",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22540"
},
{
"name": "20721",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20721"
}
]
}
}

170
2006/5xxx/CVE-2006-5716.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5716", "ID": "CVE-2006-5716",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allows remote attackers to include local files via a .. (dot dot) sequence in the chemin parameter, when the aff_news parameter is not set to \"1.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061028 freenews---> fileinclude", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/450012/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allows remote attackers to include local files via a .. (dot dot) sequence in the chemin parameter, when the aff_news parameter is not set to \"1.\""
{ }
"name" : "20061030 Re: freenews---> fileinclude", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/450081/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20061031 Re: freenews---> fileinclude", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/450157/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20795", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/20795" ]
}, },
{ "references": {
"name" : "1822", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1822" "name": "20061028 freenews---> fileinclude",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/450012/100/0/threaded"
"name" : "freenews-affnews-file-include(29896)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29896" "name": "20795",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/20795"
} },
} {
"name": "1822",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1822"
},
{
"name": "20061031 Re: freenews---> fileinclude",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450157/100/0/threaded"
},
{
"name": "20061030 Re: freenews---> fileinclude",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450081/100/0/threaded"
},
{
"name": "freenews-affnews-file-include(29896)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29896"
}
]
}
}

34
2006/5xxx/CVE-2006-5756.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2006-5756", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2006-5756",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2006. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2006. Notes: none."
} }
] ]
} }
} }

160
2007/2xxx/CVE-2007-2084.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2084", "ID": "CVE-2007-2084",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the auth_method parameter to (1) index.php, (2) list.php, (3) postreview.php, (4) reindex.php, (5) sections.php, (6) templates.php, (7) userinfo.php, (8) users.php, and (9) view.php in admin/. NOTE: this issue has been disputed by a reliable third party, who states that $auth_method is defined before use."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070414 MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/465724/100/0/threaded" "lang": "eng",
}, "value": "** DISPUTED ** PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the auth_method parameter to (1) index.php, (2) list.php, (3) postreview.php, (4) reindex.php, (5) sections.php, (6) templates.php, (7) userinfo.php, (8) users.php, and (9) view.php in admin/. NOTE: this issue has been disputed by a reliable third party, who states that $auth_method is defined before use."
{ }
"name" : "20070414 true until installed: MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities", ]
"refsource" : "VIM", },
"url" : "http://attrition.org/pipermail/vim/2007-April/001523.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35325", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/35325" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2583", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/2583" ]
}, },
{ "references": {
"name" : "mobilepublisher-authmethod-file-include(33679)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33679" "name": "20070414 MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/465724/100/0/threaded"
} },
} {
"name": "mobilepublisher-authmethod-file-include(33679)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33679"
},
{
"name": "35325",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35325"
},
{
"name": "20070414 true until installed: MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2007-April/001523.html"
},
{
"name": "2583",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2583"
}
]
}
}

140
2007/2xxx/CVE-2007-2096.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2096", "ID": "CVE-2007-2096",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in common.php in Hinton Design PHPHD Download System (phphd_downloads) allows remote attackers to execute arbitrary PHP code via a URL in the phphd_real_path parameter. NOTE: this issue may be present in versions from 2006."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070417 Remot File Include In Script phphd_downloads", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/465983/100/0/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in common.php in Hinton Design PHPHD Download System (phphd_downloads) allows remote attackers to execute arbitrary PHP code via a URL in the phphd_real_path parameter. NOTE: this issue may be present in versions from 2006."
{ }
"name" : "2588", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/2588" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "phphd-common-code-execution(33724)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33724" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "phphd-common-code-execution(33724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33724"
},
{
"name": "20070417 Remot File Include In Script phphd_downloads",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465983/100/0/threaded"
},
{
"name": "2588",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2588"
}
]
}
}

230
2007/2xxx/CVE-2007-2230.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2230", "ID": "CVE-2007-2230",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070424 Security Advisory: CA CleverPath SQL Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/466760/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors."
{ }
"name" : "20070424 Security Advisory: CA CleverPath SQL Injection", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0648.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.hacktics.com/AdvCleverPathApr07.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.hacktics.com/AdvCleverPathApr07.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ftp://ftp.ca.com/pub/portal/4.71/4.71.001_188_070329/readme_4.71.001_188_070329.txt", ]
"refsource" : "CONFIRM", }
"url" : "ftp://ftp.ca.com/pub/portal/4.71/4.71.001_188_070329/readme_4.71.001_188_070329.txt" ]
}, },
{ "references": {
"name" : "http://supportconnectw.ca.com/public/cp/portal/infodocs/portal-secnot.asp", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://supportconnectw.ca.com/public/cp/portal/infodocs/portal-secnot.asp" "name": "http://www.hacktics.com/AdvCleverPathApr07.html",
}, "refsource": "MISC",
{ "url": "http://www.hacktics.com/AdvCleverPathApr07.html"
"name" : "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=136879", },
"refsource" : "CONFIRM", {
"url" : "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=136879" "name": "ADV-2007-1544",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/1544"
"name" : "23671", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/23671" "name": "20070424 Security Advisory: CA CleverPath SQL Injection",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0648.html"
"name" : "ADV-2007-1544", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1544" "name": "23671",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/23671"
"name" : "34128", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/34128" "name": "ftp://ftp.ca.com/pub/portal/4.71/4.71.001_188_070329/readme_4.71.001_188_070329.txt",
}, "refsource": "CONFIRM",
{ "url": "ftp://ftp.ca.com/pub/portal/4.71/4.71.001_188_070329/readme_4.71.001_188_070329.txt"
"name" : "1017970", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1017970" "name": "http://supportconnectw.ca.com/public/cp/portal/infodocs/portal-secnot.asp",
}, "refsource": "CONFIRM",
{ "url": "http://supportconnectw.ca.com/public/cp/portal/infodocs/portal-secnot.asp"
"name" : "25002", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25002" "name": "20070424 Security Advisory: CA CleverPath SQL Injection",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/466760/100/0/threaded"
"name" : "ca-cpp-search-sql-injection(33853)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33853" "name": "25002",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/25002"
} },
} {
"name": "1017970",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017970"
},
{
"name": "34128",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34128"
},
{
"name": "ca-cpp-search-sql-injection(33853)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33853"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=136879",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=136879"
}
]
}
}

180
2007/2xxx/CVE-2007-2351.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2351", "ID": "CVE-2007-2351",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4.0Build10 and earlier in HP-UX B.11.11 and B.11.23 allows local users to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBMA02197", "description_data": [
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00819543" "lang": "eng",
}, "value": "Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4.0Build10 and earlier in HP-UX B.11.11 and B.11.23 allows local users to execute arbitrary code via unspecified vectors."
{ }
"name" : "SSRT061285", ]
"refsource" : "HP", },
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00819543" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "23703", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/23703" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2007-1574", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2007/1574" ]
}, },
{ "references": {
"name" : "1017977", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1017977" "name": "HPSBMA02197",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00819543"
"name" : "25066", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25066" "name": "23703",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/23703"
"name" : "hpux-hppower-privilege-escalation(33965)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33965" "name": "hpux-hppower-privilege-escalation(33965)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33965"
} },
} {
"name": "1017977",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017977"
},
{
"name": "ADV-2007-1574",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1574"
},
{
"name": "25066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25066"
},
{
"name": "SSRT061285",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00819543"
}
]
}
}

180
2007/2xxx/CVE-2007-2588.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2588", "ID": "CVE-2007-2588",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) HttpDownloadFile, (2) Open, (3) OpenWebFile, (4) DoOleCommand, (5) FTPDownloadFile, (6) FTPUploadFile, (7) HttpUploadFile, (8) Save, or (9) SaveWebFile function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://moaxb.blogspot.com/2007/05/moaxb-04-office-viewer-oaocx-v-32.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://moaxb.blogspot.com/2007/05/moaxb-04-office-viewer-oaocx-v-32.html" "lang": "eng",
}, "value": "Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) HttpDownloadFile, (2) Open, (3) OpenWebFile, (4) DoOleCommand, (5) FTPDownloadFile, (6) FTPUploadFile, (7) HttpUploadFile, (8) Save, or (9) SaveWebFile function."
{ }
"name" : "http://www.shinnai.altervista.org/moaxb/20070504/oa.txt", ]
"refsource" : "MISC", },
"url" : "http://www.shinnai.altervista.org/moaxb/20070504/oa.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "23811", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/23811" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2007-1664", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2007/1664" ]
}, },
{ "references": {
"name" : "34335", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/34335" "name": "25143",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25143"
"name" : "25143", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25143" "name": "ADV-2007-1664",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/1664"
"name" : "office-viewer-oaocx-bo(34067)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34067" "name": "http://moaxb.blogspot.com/2007/05/moaxb-04-office-viewer-oaocx-v-32.html",
} "refsource": "MISC",
] "url": "http://moaxb.blogspot.com/2007/05/moaxb-04-office-viewer-oaocx-v-32.html"
} },
} {
"name": "http://www.shinnai.altervista.org/moaxb/20070504/oa.txt",
"refsource": "MISC",
"url": "http://www.shinnai.altervista.org/moaxb/20070504/oa.txt"
},
{
"name": "34335",
"refsource": "OSVDB",
"url": "http://osvdb.org/34335"
},
{
"name": "23811",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23811"
},
{
"name": "office-viewer-oaocx-bo(34067)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34067"
}
]
}
}

130
2010/0xxx/CVE-2010-0507.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-0507", "ID": "CVE-2010-0507",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4077", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4077" "lang": "eng",
}, "value": "Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image."
{ }
"name" : "APPLE-SA-2010-03-29-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
}
]
}
}

120
2010/0xxx/CVE-2010-0916.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-0916", "ID": "CVE-2010-0916",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle OpenSolaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rdist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" "lang": "eng",
} "value": "Unspecified vulnerability in Oracle OpenSolaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rdist."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}

190
2010/0xxx/CVE-2010-0997.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2010-0997", "ID": "CVE-2010-0997",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100419 Secunia Research: e107 Content Management Plugin Script Insertion Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/510809/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter."
{ }
"name" : "http://e107.org/svn_changelog.php?version=0.7.20", ]
"refsource" : "MISC", },
"url" : "http://e107.org/svn_changelog.php?version=0.7.20" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://secunia.com/secunia_research/2010-43/", "description": [
"refsource" : "MISC", {
"url" : "http://secunia.com/secunia_research/2010-43/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://e107.org/comment.php?comment.news.864", ]
"refsource" : "CONFIRM", }
"url" : "http://e107.org/comment.php?comment.news.864" ]
}, },
{ "references": {
"name" : "39539", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/39539" "name": "http://e107.org/svn_changelog.php?version=0.7.20",
}, "refsource": "MISC",
{ "url": "http://e107.org/svn_changelog.php?version=0.7.20"
"name" : "39013", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39013" "name": "ADV-2010-0919",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0919"
"name" : "ADV-2010-0919", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0919" "name": "http://secunia.com/secunia_research/2010-43/",
}, "refsource": "MISC",
{ "url": "http://secunia.com/secunia_research/2010-43/"
"name" : "e107-contentmanager-xss(57933)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57933" "name": "39539",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/39539"
} },
} {
"name": "e107-contentmanager-xss(57933)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57933"
},
{
"name": "http://e107.org/comment.php?comment.news.864",
"refsource": "CONFIRM",
"url": "http://e107.org/comment.php?comment.news.864"
},
{
"name": "20100419 Secunia Research: e107 Content Management Plugin Script Insertion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510809/100/0/threaded"
},
{
"name": "39013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39013"
}
]
}
}

320
2010/1xxx/CVE-2010-1787.json
View File

@ -1,162 +1,162 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-1787", "ID": "CVE-2010-1787",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4276", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4276" "lang": "eng",
}, "value": "WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document."
{ }
"name" : "http://support.apple.com/kb/HT4334", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4334" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT4456", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4456" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2010-07-28-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2010-09-08-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html" "name": "MDVSA-2011:039",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
"name" : "APPLE-SA-2010-11-22-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" "name": "ADV-2010-2722",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2722"
"name" : "MDVSA-2011:039", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" "name": "43068",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43068"
"name" : "RHSA-2011:0177", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0177.html" "name": "APPLE-SA-2010-09-08-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
"name" : "SUSE-SR:2010:018", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" "name": "http://support.apple.com/kb/HT4334",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4334"
"name" : "SUSE-SR:2011:002", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" "name": "http://support.apple.com/kb/HT4276",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4276"
"name" : "USN-1006-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1006-1" "name": "USN-1006-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1006-1"
"name" : "42020", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/42020" "name": "41856",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41856"
"name" : "oval:org.mitre.oval:def:11877", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11877" "name": "ADV-2011-0212",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0212"
"name" : "41856", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41856" "name": "APPLE-SA-2010-07-28-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html"
"name" : "42314", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42314" "name": "ADV-2011-0216",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0216"
"name" : "43068", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43068" "name": "oval:org.mitre.oval:def:11877",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11877"
"name" : "43086", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43086" "name": "43086",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43086"
"name" : "ADV-2010-2722", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2722" "name": "SUSE-SR:2011:002",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
"name" : "ADV-2011-0212", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0212" "name": "42314",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42314"
"name" : "ADV-2011-0216", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0216" "name": "RHSA-2011:0177",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
"name" : "ADV-2011-0552", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0552" "name": "ADV-2011-0552",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2011/0552"
} },
} {
"name": "42020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42020"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "SUSE-SR:2010:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}

180
2010/3xxx/CVE-2010-3147.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3147", "ID": "CVE-2010-3147",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka \"Insecure Library Loading Vulnerability.\" NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14745", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/14745/" "lang": "eng",
}, "value": "Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka \"Insecure Library Loading Vulnerability.\" NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143."
{ }
"name" : "http://www.attackvector.org/new-dll-hijacking-exploits-many/", ]
"refsource" : "MISC", },
"url" : "http://www.attackvector.org/new-dll-hijacking-exploits-many/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS10-096", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-096" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA10-348A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:12352", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12352" "name": "TA10-348A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
"name" : "1024878", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024878" "name": "14745",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/14745/"
"name" : "41050", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41050" "name": "41050",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/41050"
} },
} {
"name": "MS10-096",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-096"
},
{
"name": "1024878",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024878"
},
{
"name": "http://www.attackvector.org/new-dll-hijacking-exploits-many/",
"refsource": "MISC",
"url": "http://www.attackvector.org/new-dll-hijacking-exploits-many/"
},
{
"name": "oval:org.mitre.oval:def:12352",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12352"
}
]
}
}

150
2010/3xxx/CVE-2010-3314.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-3314", "ID": "CVE-2010-3314",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "11777", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/11777/" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
{ }
"name" : "[oss-security] 20100921 Re: CVE request: egroupware remote code and xss", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/09/21/7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.egroupware.org/news?item=93", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.egroupware.org/news?item=93" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2013", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2010/dsa-2013" ]
} },
] "references": {
} "reference_data": [
} {
"name": "11777",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11777/"
},
{
"name": "http://www.egroupware.org/news?item=93",
"refsource": "CONFIRM",
"url": "http://www.egroupware.org/news?item=93"
},
{
"name": "DSA-2013",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2013"
},
{
"name": "[oss-security] 20100921 Re: CVE request: egroupware remote code and xss",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/21/7"
}
]
}
}

160
2010/3xxx/CVE-2010-3920.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2010-3920", "ID": "CVE-2010-3920",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the \"C:\\Program Files\" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.epson.jp/support/misc/lps7100_9000/index.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.epson.jp/support/misc/lps7100_9000/index.htm" "lang": "eng",
}, "value": "The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the \"C:\\Program Files\" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories."
{ }
"name" : "JVN#62736872", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN62736872/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2010-000059", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000059.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "69678", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/69678" ]
}, },
{ "references": {
"name" : "42540", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42540" "name": "JVNDB-2010-000059",
} "refsource": "JVNDB",
] "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000059.html"
} },
} {
"name": "JVN#62736872",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN62736872/index.html"
},
{
"name": "42540",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42540"
},
{
"name": "http://www.epson.jp/support/misc/lps7100_9000/index.htm",
"refsource": "CONFIRM",
"url": "http://www.epson.jp/support/misc/lps7100_9000/index.htm"
},
{
"name": "69678",
"refsource": "OSVDB",
"url": "http://osvdb.org/69678"
}
]
}
}

180
2010/4xxx/CVE-2010-4094.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4094", "ID": "CVE-2010-4094",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://download4.boulder.ibm.com/sar/CMA/RAA/013m6/0/UpdateLog.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://download4.boulder.ibm.com/sar/CMA/RAA/013m6/0/UpdateLog.txt" "lang": "eng",
}, "value": "The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548."
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-214/", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-214/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "44172", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/44172" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "69008", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/69008" ]
}, },
{ "references": {
"name" : "1024601", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024601" "name": "ADV-2010-2732",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2732"
"name" : "41784", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41784" "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-214/",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-214/"
"name" : "ADV-2010-2732", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2732" "name": "44172",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/44172"
} },
} {
"name": "1024601",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024601"
},
{
"name": "41784",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41784"
},
{
"name": "69008",
"refsource": "OSVDB",
"url": "http://osvdb.org/69008"
},
{
"name": "http://download4.boulder.ibm.com/sar/CMA/RAA/013m6/0/UpdateLog.txt",
"refsource": "MISC",
"url": "http://download4.boulder.ibm.com/sar/CMA/RAA/013m6/0/UpdateLog.txt"
}
]
}
}

190
2010/4xxx/CVE-2010-4598.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4598", "ID": "CVE-2010-4598",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "15802", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/15802" "lang": "eng",
}, "value": "Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request."
{ }
"name" : "http://aluigi.org/adv/integraxor_1-adv.txt", ]
"refsource" : "MISC", },
"url" : "http://aluigi.org/adv/integraxor_1-adv.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-10-355-01.pdf", "description": [
"refsource" : "MISC", {
"url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-10-355-01.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note", ]
"refsource" : "CONFIRM", }
"url" : "http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note" ]
}, },
{ "references": {
"name" : "VU#979776", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/979776" "name": "45535",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/45535"
"name" : "45535", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45535" "name": "http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note",
}, "refsource": "CONFIRM",
{ "url": "http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note"
"name" : "42730", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42730" "name": "15802",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/15802"
"name" : "ADV-2010-3304", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3304" "name": "ADV-2010-3304",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2010/3304"
} },
} {
"name": "42730",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42730"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-10-355-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-10-355-01.pdf"
},
{
"name": "VU#979776",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/979776"
},
{
"name": "http://aluigi.org/adv/integraxor_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/integraxor_1-adv.txt"
}
]
}
}

200
2014/0xxx/CVE-2014-0179.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-0179", "ID": "CVE-2014-0179",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://libvirt.org/news.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://libvirt.org/news.html" "lang": "eng",
}, "value": "libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods."
{ }
"name" : "http://security.libvirt.org/2014/0003.html", ]
"refsource" : "CONFIRM", },
"url" : "http://security.libvirt.org/2014/0003.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3038", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3038" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201412-04", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-201412-04.xml" ]
}, },
{ "references": {
"name" : "RHSA-2014:0560", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0560.html" "name": "RHSA-2014:0560",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html"
"name" : "openSUSE-SU-2014:0650", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html" "name": "http://libvirt.org/news.html",
}, "refsource": "CONFIRM",
{ "url": "http://libvirt.org/news.html"
"name" : "openSUSE-SU-2014:0674", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html" "name": "60895",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60895"
"name" : "USN-2366-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2366-1" "name": "GLSA-201412-04",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
"name" : "60895", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60895" "name": "openSUSE-SU-2014:0674",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html"
} },
} {
"name": "DSA-3038",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3038"
},
{
"name": "openSUSE-SU-2014:0650",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"
},
{
"name": "USN-2366-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2366-1"
},
{
"name": "http://security.libvirt.org/2014/0003.html",
"refsource": "CONFIRM",
"url": "http://security.libvirt.org/2014/0003.html"
}
]
}
}

120
2014/0xxx/CVE-2014-0359.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-0359", "ID": "CVE-2014-0359",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#657622", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/657622" "lang": "eng",
} "value": "Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#657622",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/657622"
}
]
}
}

190
2014/0xxx/CVE-2014-0502.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2014-0502", "ID": "CVE-2014-0502",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/" "lang": "eng",
}, "value": "Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014."
{ }
"name" : "https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html", ]
"refsource" : "MISC", },
"url" : "https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201405-04", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-201405-04.xml" ]
}, },
{ "references": {
"name" : "RHSA-2014:0196", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0196.html" "name": "openSUSE-SU-2014:0278",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html"
"name" : "openSUSE-SU-2014:0277", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html" "name": "https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html",
}, "refsource": "MISC",
{ "url": "https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html"
"name" : "openSUSE-SU-2014:0278", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html" "name": "GLSA-201405-04",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"
"name" : "SUSE-SU-2014:0290", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html" "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html",
} "refsource": "CONFIRM",
] "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html"
} },
} {
"name": "RHSA-2014:0196",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0196.html"
},
{
"name": "SUSE-SU-2014:0290",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html"
},
{
"name": "openSUSE-SU-2014:0277",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html"
},
{
"name": "http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/",
"refsource": "MISC",
"url": "http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/"
}
]
}
}

180
2014/0xxx/CVE-2014-0794.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-0794", "ID": "CVE-2014-0794",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140123 SQL Injection in JV Comment Joomla Extension", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/530872/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php."
{ }
"name" : "31175", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/31175" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.htbridge.com/advisory/HTB23195", "description": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB23195" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://extensions.joomla.org/extensions/contacts-and-feedback/articles-comments/23394", ]
"refsource" : "CONFIRM", }
"url" : "http://extensions.joomla.org/extensions/contacts-and-feedback/articles-comments/23394" ]
}, },
{ "references": {
"name" : "64661", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64661" "name": "http://extensions.joomla.org/extensions/contacts-and-feedback/articles-comments/23394",
}, "refsource": "CONFIRM",
{ "url": "http://extensions.joomla.org/extensions/contacts-and-feedback/articles-comments/23394"
"name" : "101960", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/101960" "name": "64661",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/64661"
"name" : "joomla-jvcomment-unspecified-sql-injection(90532)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90532" "name": "joomla-jvcomment-unspecified-sql-injection(90532)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90532"
} },
} {
"name": "20140123 SQL Injection in JV Comment Joomla Extension",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/530872/100/0/threaded"
},
{
"name": "101960",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/101960"
},
{
"name": "31175",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/31175"
},
{
"name": "https://www.htbridge.com/advisory/HTB23195",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23195"
}
]
}
}

34
2014/4xxx/CVE-2014-4119.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-4119", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-4119",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

120
2014/4xxx/CVE-2014-4850.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4850", "ID": "CVE-2014-4850",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/127358/FoeCMS-XSS-SQL-Injection-Open-Redirect.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/127358/FoeCMS-XSS-SQL-Injection-Open-Redirect.html" "lang": "eng",
} "value": "SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127358/FoeCMS-XSS-SQL-Injection-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127358/FoeCMS-XSS-SQL-Injection-Open-Redirect.html"
}
]
}
}

34
2014/4xxx/CVE-2014-4920.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4920", "ID": "CVE-2014-4920",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2014/4xxx/CVE-2014-4963.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4963", "ID": "CVE-2014-4963",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Shopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users via the customer.customerId parameter to shop/profile/register.action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/532726/100/0/threaded" "lang": "eng",
}, "value": "Shopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users via the customer.customerId parameter to shop/profile/register.action."
{ }
"name" : "20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Jul/38" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532726/100/0/threaded"
},
{
"name": "20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/38"
}
]
}
}

130
2014/8xxx/CVE-2014-8372.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8372", "ID": "CVE-2014-8372",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141210 NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2014/Dec/44" "lang": "eng",
}, "value": "AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference."
{ }
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0014.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0014.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0014.html"
},
{
"name": "20141210 NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/44"
}
]
}
}

150
2014/8xxx/CVE-2014-8441.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2014-8441", "ID": "CVE-2014-8441",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8440."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html" "lang": "eng",
}, "value": "Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8440."
{ }
"name" : "openSUSE-SU-2015:0725", ]
"refsource" : "SUSE", },
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "71050", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71050" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "adobe-cve20148441-code-exec(98616)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98616" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html"
},
{
"name": "71050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71050"
},
{
"name": "openSUSE-SU-2015:0725",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html"
},
{
"name": "adobe-cve20148441-code-exec(98616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98616"
}
]
}
}

34
2014/9xxx/CVE-2014-9053.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9053", "ID": "CVE-2014-9053",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2014/9xxx/CVE-2014-9148.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9148", "ID": "CVE-2014-9148",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) \"Install and Update\" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "36581", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/36581/" "lang": "eng",
}, "value": "Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) \"Install and Update\" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur."
{ }
"name" : "http://packetstormsecurity.com/files/131165/FiyoCMS-2.0.1.8-XSS-SQL-Injection-URL-Bypass.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/131165/FiyoCMS-2.0.1.8-XSS-SQL-Injection-URL-Bypass.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "73437", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/73437" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "73437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73437"
},
{
"name": "http://packetstormsecurity.com/files/131165/FiyoCMS-2.0.1.8-XSS-SQL-Injection-URL-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131165/FiyoCMS-2.0.1.8-XSS-SQL-Injection-URL-Bypass.html"
},
{
"name": "36581",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/36581/"
}
]
}
}

160
2014/9xxx/CVE-2014-9344.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9344", "ID": "CVE-2014-9344",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/129164/Snowfox-CMS-1.0-Cross-Site-Request-Forgery.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/129164/Snowfox-CMS-1.0-Cross-Site-Request-Forgery.html" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/."
{ }
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5205.php", ]
"refsource" : "MISC", },
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5205.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/GlobizSolutions/snowfox/releases", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/GlobizSolutions/snowfox/releases" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "114819", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/show/osvdb/114819" ]
}, },
{ "references": {
"name" : "mantisbt-cve20146316-open-redirect(99128)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99128" "name": "mantisbt-cve20146316-open-redirect(99128)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99128"
} },
} {
"name": "https://github.com/GlobizSolutions/snowfox/releases",
"refsource": "CONFIRM",
"url": "https://github.com/GlobizSolutions/snowfox/releases"
},
{
"name": "114819",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/114819"
},
{
"name": "http://packetstormsecurity.com/files/129164/Snowfox-CMS-1.0-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129164/Snowfox-CMS-1.0-Cross-Site-Request-Forgery.html"
},
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5205.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5205.php"
}
]
}
}

160
2014/9xxx/CVE-2014-9472.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9472", "ID": "CVE-2014-9472",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html" "lang": "eng",
}, "value": "The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email."
{ }
"name" : "DSA-3176", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2015/dsa-3176" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2015-4698", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2015-4666", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html" ]
}, },
{ "references": {
"name" : "72832", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72832" "name": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html",
} "refsource": "CONFIRM",
] "url": "http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html"
} },
} {
"name": "72832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72832"
},
{
"name": "DSA-3176",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3176"
},
{
"name": "FEDORA-2015-4698",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html"
},
{
"name": "FEDORA-2015-4666",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html"
}
]
}
}

130
2014/9xxx/CVE-2014-9926.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2014-9926", "ID": "CVE-2014-9926",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "All Qualcomm products", "product_name": "All Qualcomm products",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free Vulnerability in GNSS"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-05-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-05-01" "lang": "eng",
}, "value": "In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist."
{ }
"name" : "98228", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98228" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Use After Free Vulnerability in GNSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98228"
},
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
}
]
}
}

130
2014/9xxx/CVE-2014-9948.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2014-9948", "ID": "CVE-2014-9948",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "All Qualcomm products", "product_name": "All Qualcomm products",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Validation of Array Index Vulnerability in TrustZone"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-05-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-05-01" "lang": "eng",
}, "value": "In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist."
{ }
"name" : "98249", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98249" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Improper Validation of Array Index Vulnerability in TrustZone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name": "98249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98249"
}
]
}
}

34
2016/3xxx/CVE-2016-3307.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-3307", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-3307",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

140
2016/3xxx/CVE-2016-3625.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-3625", "ID": "CVE-2016-3625",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160408 CVE-2016-3625 libtiff: Out-of-bounds Read in the tiff2bw tool", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/04/08/5" "lang": "eng",
}, "value": "tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image."
{ }
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2566", ]
"refsource" : "MISC", },
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2566" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201701-16", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201701-16" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201701-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-16"
},
{
"name": "[oss-security] 20160408 CVE-2016-3625 libtiff: Out-of-bounds Read in the tiff2bw tool",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/08/5"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2566",
"refsource": "MISC",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2566"
}
]
}
}

140
2016/3xxx/CVE-2016-3650.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@symantec.com",
"ID" : "CVE-2016-3650", "ID": "CVE-2016-3650",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01" "lang": "eng",
}, "value": "Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack."
{ }
"name" : "91432", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/91432" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036196", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036196" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01"
},
{
"name": "1036196",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036196"
},
{
"name": "91432",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91432"
}
]
}
}

34
2016/3xxx/CVE-2016-3791.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-3791", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-3791",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

34
2016/6xxx/CVE-2016-6166.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6166", "ID": "CVE-2016-6166",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2016/6xxx/CVE-2016-6477.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6477", "ID": "CVE-2016-6477",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2016/6xxx/CVE-2016-6513.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6513", "ID": "CVE-2016-6513",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160728 CVE request: Wireshark 2.0.5 and 1.12.13 security releases", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2016/07/28/3" "lang": "eng",
}, "value": "epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
{ }
"name" : "http://www.wireshark.org/security/wnpa-sec-2016-49.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.wireshark.org/security/wnpa-sec-2016-49.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12663", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12663" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=347f071f1b9180563c28b0f3d0627b91eb456c72", ]
"refsource" : "CONFIRM", }
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=347f071f1b9180563c28b0f3d0627b91eb456c72" ]
}, },
{ "references": {
"name" : "1036480", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036480" "name": "http://www.wireshark.org/security/wnpa-sec-2016-49.html",
} "refsource": "CONFIRM",
] "url": "http://www.wireshark.org/security/wnpa-sec-2016-49.html"
} },
} {
"name": "[oss-security] 20160728 CVE request: Wireshark 2.0.5 and 1.12.13 security releases",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2016/07/28/3"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12663",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12663"
},
{
"name": "1036480",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036480"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=347f071f1b9180563c28b0f3d0627b91eb456c72",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=347f071f1b9180563c28b0f3d0627b91eb456c72"
}
]
}
}

140
2016/7xxx/CVE-2016-7007.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2016-7007", "ID": "CVE-2016-7007",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" "lang": "eng",
}, "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
{ }
"name" : "93496", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93496" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036986", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036986" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name": "93496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93496"
}
]
}
}

182
2016/7xxx/CVE-2016-7067.json
View File

@ -1,93 +1,93 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "anemec@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-7067", "ID": "CVE-2016-7067",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "monit", "product_name": "monit",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.20.0" "version_value": "5.20.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Tildeslash Ltd." "vendor_name": "Tildeslash Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version" : "3.0"
}
],
[
{
"vectorString" : "5.8/AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-352"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161027 CVE-2016-7067 - CSRF in Monit Service Manager", "description_data": [
"refsource" : "MLIST", {
"url" : "https://seclists.org/oss-sec/2016/q4/267" "lang": "eng",
}, "value": "Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service."
{ }
"name" : "https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master", ]
"refsource" : "CONFIRM", },
"url" : "https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master" "impact": {
}, "cvss": [
{ [
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7067", {
"refsource" : "CONFIRM", "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7067" "version": "3.0"
}, }
{ ],
"name" : "93953", [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93953" "vectorString": "5.8/AV:N/AC:M/Au:N/C:N/I:P/A:P",
} "version": "2.0"
] }
} ]
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93953"
},
{
"name": "[oss-security] 20161027 CVE-2016-7067 - CSRF in Monit Service Manager",
"refsource": "MLIST",
"url": "https://seclists.org/oss-sec/2016/q4/267"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7067",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7067"
},
{
"name": "https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master"
}
]
}
}

180
2016/7xxx/CVE-2016-7157.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7157", "ID": "CVE-2016-7157",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160906 CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/09/06/4" "lang": "eng",
}, "value": "The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK."
{ }
"name" : "[oss-security] 20160906 Re: CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/09/07/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[qemu-devel] 20160831 [PATCH 1/2] scsi: mptconfig: fix format string", "description": [
"refsource" : "MLIST", {
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[qemu-devel] 20160831 [PATCH 2/2] scsi: mptconfig: fix an assert expression", ]
"refsource" : "MLIST", }
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html" ]
}, },
{ "references": {
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=65a8e1f6413a0f6f79894da710b5d6d43361d27d", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=65a8e1f6413a0f6f79894da710b5d6d43361d27d" "name": "92775",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/92775"
"name" : "GLSA-201609-01", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201609-01" "name": "GLSA-201609-01",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201609-01"
"name" : "92775", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92775" "name": "[qemu-devel] 20160831 [PATCH 2/2] scsi: mptconfig: fix an assert expression",
} "refsource": "MLIST",
] "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html"
} },
} {
"name": "[oss-security] 20160906 CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/06/4"
},
{
"name": "[oss-security] 20160906 Re: CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/3"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=65a8e1f6413a0f6f79894da710b5d6d43361d27d",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=65a8e1f6413a0f6f79894da710b5d6d43361d27d"
},
{
"name": "[qemu-devel] 20160831 [PATCH 1/2] scsi: mptconfig: fix format string",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html"
}
]
}
}

150
2016/7xxx/CVE-2016-7199.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-7199", "ID": "CVE-2016-7199",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka \"Microsoft Browser Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS16-129", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129" "lang": "eng",
}, "value": "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka \"Microsoft Browser Information Disclosure Vulnerability.\""
{ }
"name" : "MS16-142", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-142" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94057", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94057" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1037245", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037245" ]
} },
] "references": {
} "reference_data": [
} {
"name": "MS16-129",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129"
},
{
"name": "94057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94057"
},
{
"name": "MS16-142",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-142"
},
{
"name": "1037245",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037245"
}
]
}
}

34
2016/7xxx/CVE-2016-7921.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-7921", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-7921",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7921. Reason: This candidate is a duplicate of CVE-2015-7921. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2015-7921 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7921. Reason: This candidate is a duplicate of CVE-2015-7921. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2015-7921 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

130
2016/8xxx/CVE-2016-8779.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"ID" : "CVE-2016-8779", "ID": "CVE-2016-8779",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FusionAccess FusionAccess V100R005C10, FusionAccess V100R005C20", "product_name": "FusionAccess FusionAccess V100R005C10, FusionAccess V100R005C20",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "FusionAccess FusionAccess V100R005C10, FusionAccess V100R005C20" "version_value": "FusionAccess FusionAccess V100R005C10, FusionAccess V100R005C20"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "command injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-ldap-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-ldap-en" "lang": "eng",
}, "value": "Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database."
{ }
"name" : "94620", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94620" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94620"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-ldap-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-ldap-en"
}
]
}
}