admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:02:45 +00:00
parent cc24100290
commit 534e9da0d7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4008 additions and 4008 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2007/2xxx/CVE-2007-2021.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2021",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_party/smarty/libs/plugins/function.html_checkboxes.php. NOTE: the affected files might be from other software packages, so this might not be a vulnerability in Lore itself. NOTE: (1) might be the same issue as CVE-2006-5734.4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070408 Remot File Include In Script Lore v1",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/465086/100/0/threaded"
},
{
"name" : "2565",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2565"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_party/smarty/libs/plugins/function.html_checkboxes.php. NOTE: the affected files might be from other software packages, so this might not be a vulnerability in Lore itself. NOTE: (1) might be the same issue as CVE-2006-5734.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2565",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2565"
},
{
"name": "20070408 Remot File Include In Script Lore v1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465086/100/0/threaded"
}
]
}
}

190
2007/2xxx/CVE-2007-2104.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme_url parameter to (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070404 iXon_CMS 0.30 Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/464675/100/0/threaded"
},
{
"name" : "35254",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35254"
},
{
"name" : "35255",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35255"
},
{
"name" : "35256",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35256"
},
{
"name" : "35257",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35257"
},
{
"name" : "35258",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35258"
},
{
"name" : "2577",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2577"
},
{
"name" : "ixoncms-themeurl-file-include(33438)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33438"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme_url parameter to (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35257",
"refsource": "OSVDB",
"url": "http://osvdb.org/35257"
},
{
"name": "ixoncms-themeurl-file-include(33438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33438"
},
{
"name": "35256",
"refsource": "OSVDB",
"url": "http://osvdb.org/35256"
},
{
"name": "35254",
"refsource": "OSVDB",
"url": "http://osvdb.org/35254"
},
{
"name": "2577",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2577"
},
{
"name": "35258",
"refsource": "OSVDB",
"url": "http://osvdb.org/35258"
},
{
"name": "20070404 iXon_CMS 0.30 Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464675/100/0/threaded"
},
{
"name": "35255",
"refsource": "OSVDB",
"url": "http://osvdb.org/35255"
}
]
}
}

170
2007/2xxx/CVE-2007-2940.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2940",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3992",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3992"
},
{
"name" : "24167",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24167"
},
{
"name" : "ADV-2007-1967",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1967"
},
{
"name" : "38051",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38051"
},
{
"name" : "38052",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38052"
},
{
"name" : "flap-pachtofile-file-include(34535)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34535"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24167"
},
{
"name": "3992",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3992"
},
{
"name": "38052",
"refsource": "OSVDB",
"url": "http://osvdb.org/38052"
},
{
"name": "38051",
"refsource": "OSVDB",
"url": "http://osvdb.org/38051"
},
{
"name": "ADV-2007-1967",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1967"
},
{
"name": "flap-pachtofile-file-include(34535)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34535"
}
]
}
}

170
2007/3xxx/CVE-2007-3151.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3151",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070608 Packeteer PacketShaper Web Management Denial of Service",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/470835/100/0/threaded"
},
{
"name" : "24388",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24388"
},
{
"name" : "37230",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37230"
},
{
"name" : "25577",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25577"
},
{
"name" : "2801",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2801"
},
{
"name" : "packetshaper-meastype-dos(34780)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34780"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2801",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2801"
},
{
"name": "packetshaper-meastype-dos(34780)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34780"
},
{
"name": "20070608 Packeteer PacketShaper Web Management Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470835/100/0/threaded"
},
{
"name": "24388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24388"
},
{
"name": "25577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25577"
},
{
"name": "37230",
"refsource": "OSVDB",
"url": "http://osvdb.org/37230"
}
]
}
}

150
2007/3xxx/CVE-2007-3210.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3210",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Object 2.0.0.6 extension for Vitalize! allows remote attackers to execute arbitrary code via a long string argument to the RemoveChr method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "24458",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24458"
},
{
"name" : "37235",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37235"
},
{
"name" : "25604",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25604"
},
{
"name" : "tokens-removechr-bo(34850)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34850"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Object 2.0.0.6 extension for Vitalize! allows remote attackers to execute arbitrary code via a long string argument to the RemoveChr method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25604",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25604"
},
{
"name": "37235",
"refsource": "OSVDB",
"url": "http://osvdb.org/37235"
},
{
"name": "tokens-removechr-bo(34850)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34850"
},
{
"name": "24458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24458"
}
]
}
}

190
2007/3xxx/CVE-2007-3362.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=214&",
"refsource" : "MISC",
"url" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=214&"
},
{
"name" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=215&",
"refsource" : "MISC",
"url" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=215&"
},
{
"name" : "http://www.ageet.com/us/agephone/help/index.htm#vers",
"refsource" : "CONFIRM",
"url" : "http://www.ageet.com/us/agephone/help/index.htm#vers"
},
{
"name" : "24540",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24540"
},
{
"name" : "24543",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24543"
},
{
"name" : "37729",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37729"
},
{
"name" : "25781",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25781"
},
{
"name" : "agephone-sip-message-dos(35067)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35067"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "agephone-sip-message-dos(35067)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35067"
},
{
"name": "24540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24540"
},
{
"name": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=215&",
"refsource": "MISC",
"url": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=215&"
},
{
"name": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=214&",
"refsource": "MISC",
"url": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=214&"
},
{
"name": "25781",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25781"
},
{
"name": "http://www.ageet.com/us/agephone/help/index.htm#vers",
"refsource": "CONFIRM",
"url": "http://www.ageet.com/us/agephone/help/index.htm#vers"
},
{
"name": "24543",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24543"
},
{
"name": "37729",
"refsource": "OSVDB",
"url": "http://osvdb.org/37729"
}
]
}
}

190
2007/3xxx/CVE-2007-3697.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3697",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashBB 1.1.8 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070710 Flashbb <= 1.1.7 - Remote File Inclusion Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/473281/100/0/threaded"
},
{
"name" : "4169",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4169"
},
{
"name" : "24842",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24842"
},
{
"name" : "ADV-2007-2514",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2514"
},
{
"name" : "36139",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36139"
},
{
"name" : "26007",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26007"
},
{
"name" : "2881",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2881"
},
{
"name" : "flashbb-sendmsg-file-include(35316)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashBB 1.1.8 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070710 Flashbb <= 1.1.7 - Remote File Inclusion Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473281/100/0/threaded"
},
{
"name": "ADV-2007-2514",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2514"
},
{
"name": "flashbb-sendmsg-file-include(35316)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35316"
},
{
"name": "36139",
"refsource": "OSVDB",
"url": "http://osvdb.org/36139"
},
{
"name": "4169",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4169"
},
{
"name": "2881",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2881"
},
{
"name": "24842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24842"
},
{
"name": "26007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26007"
}
]
}
}

150
2007/3xxx/CVE-2007-3730.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://groups.google.com/group/comp.os.vms/browse_thread/thread/a5f68773805f862d/8a42e91fe1e9cd36",
"refsource" : "MISC",
"url" : "http://groups.google.com/group/comp.os.vms/browse_thread/thread/a5f68773805f862d/8a42e91fe1e9cd36"
},
{
"name" : "24751",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24751"
},
{
"name" : "37810",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37810"
},
{
"name" : "25882",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25882"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://groups.google.com/group/comp.os.vms/browse_thread/thread/a5f68773805f862d/8a42e91fe1e9cd36",
"refsource": "MISC",
"url": "http://groups.google.com/group/comp.os.vms/browse_thread/thread/a5f68773805f862d/8a42e91fe1e9cd36"
},
{
"name": "37810",
"refsource": "OSVDB",
"url": "http://osvdb.org/37810"
},
{
"name": "25882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25882"
},
{
"name": "24751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24751"
}
]
}
}

150
2007/3xxx/CVE-2007-3779.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3779",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.braverock.com/gpg/cvs/viewcvs.cgi/gpg/gpg_pop_init.php.diff?r1=1.14&r2=1.15",
"refsource" : "MISC",
"url" : "http://www.braverock.com/gpg/cvs/viewcvs.cgi/gpg/gpg_pop_init.php.diff?r1=1.14&r2=1.15"
},
{
"name" : "http://www.braverock.com/gpg/statcvs/commit_log.html",
"refsource" : "MISC",
"url" : "http://www.braverock.com/gpg/statcvs/commit_log.html"
},
{
"name" : "20070710 SquirrelMail GPG Plugin Vulnerabilities",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-July/001703.html"
},
{
"name" : "37930",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37930"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.braverock.com/gpg/statcvs/commit_log.html",
"refsource": "MISC",
"url": "http://www.braverock.com/gpg/statcvs/commit_log.html"
},
{
"name": "http://www.braverock.com/gpg/cvs/viewcvs.cgi/gpg/gpg_pop_init.php.diff?r1=1.14&r2=1.15",
"refsource": "MISC",
"url": "http://www.braverock.com/gpg/cvs/viewcvs.cgi/gpg/gpg_pop_init.php.diff?r1=1.14&r2=1.15"
},
{
"name": "37930",
"refsource": "OSVDB",
"url": "http://osvdb.org/37930"
},
{
"name": "20070710 SquirrelMail GPG Plugin Vulnerabilities",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html"
}
]
}
}

270
2007/6xxx/CVE-2007-6200.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6200",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080212 FLEA-2008-0004-1 rsync",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name" : "http://rsync.samba.org/security.html#s3_0_0",
"refsource" : "CONFIRM",
"url" : "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"name" : "APPLE-SA-2008-07-31",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name" : "MDVSA-2008:011",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name" : "RHSA-2011:0999",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name" : "SUSE-SR:2008:001",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
},
{
"name" : "26639",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26639"
},
{
"name" : "ADV-2007-4057",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name" : "ADV-2008-2268",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name" : "1019012",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019012"
},
{
"name" : "27863",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27863"
},
{
"name" : "27853",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27853"
},
{
"name" : "28412",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28412"
},
{
"name" : "28457",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28457"
},
{
"name" : "31326",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31326"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27863"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"name": "http://rsync.samba.org/security.html#s3_0_0",
"refsource": "CONFIRM",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}

170
2007/6xxx/CVE-2007-6263.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6263",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071207 netkit-ftpd/ftp uninitialized vulnerability",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=119704348003382&w=2"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=199206",
"refsource" : "MISC",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=199206"
},
{
"name" : "GLSA-200801-17",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200801-17.xml"
},
{
"name" : "26763",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26763"
},
{
"name" : "41191",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/41191"
},
{
"name" : "28697",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28697"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26763"
},
{
"name": "28697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28697"
},
{
"name": "GLSA-200801-17",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200801-17.xml"
},
{
"name": "20071207 netkit-ftpd/ftp uninitialized vulnerability",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=119704348003382&w=2"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=199206",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=199206"
},
{
"name": "41191",
"refsource": "OSVDB",
"url": "http://osvdb.org/41191"
}
]
}
}

130
2007/6xxx/CVE-2007-6320.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6320",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-6320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/198164",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/198164"
},
{
"name" : "43671",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/43671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43671",
"refsource": "OSVDB",
"url": "http://osvdb.org/43671"
},
{
"name": "http://drupal.org/node/198164",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/198164"
}
]
}
}

180
2010/0xxx/CVE-2010-0917.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0917",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt",
"refsource" : "MISC",
"url" : "http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt"
},
{
"name" : "http://isec.pl/vulnerabilities10.html",
"refsource" : "MISC",
"url" : "http://isec.pl/vulnerabilities10.html"
},
{
"name" : "http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/",
"refsource" : "MISC",
"url" : "http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/"
},
{
"name" : "http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx"
},
{
"name" : "http://www.microsoft.com/technet/security/advisory/981169.mspx",
"refsource" : "CONFIRM",
"url" : "http://www.microsoft.com/technet/security/advisory/981169.mspx"
},
{
"name" : "38473",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38473"
},
{
"name" : "ms-win-winhlp32-bo(56560)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56560"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.microsoft.com/technet/security/advisory/981169.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/981169.mspx"
},
{
"name": "http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/"
},
{
"name": "http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt",
"refsource": "MISC",
"url": "http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt"
},
{
"name": "http://isec.pl/vulnerabilities10.html",
"refsource": "MISC",
"url": "http://isec.pl/vulnerabilities10.html"
},
{
"name": "38473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38473"
},
{
"name": "http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx"
},
{
"name": "ms-win-winhlp32-bo(56560)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56560"
}
]
}
}

140
2010/1xxx/CVE-2010-1043.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1043",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in jaxCMS 1.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "11359",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11359"
},
{
"name" : "62161",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62161"
},
{
"name" : "38524",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38524"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in jaxCMS 1.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62161",
"refsource": "OSVDB",
"url": "http://osvdb.org/62161"
},
{
"name": "11359",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11359"
},
{
"name": "38524",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38524"
}
]
}
}

120
2010/1xxx/CVE-2010-1181.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1181",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nishantdaspatnaik.yolasite.com/ipodpoc6.php",
"refsource" : "MISC",
"url" : "http://nishantdaspatnaik.yolasite.com/ipodpoc6.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nishantdaspatnaik.yolasite.com/ipodpoc6.php",
"refsource": "MISC",
"url": "http://nishantdaspatnaik.yolasite.com/ipodpoc6.php"
}
]
}
}

170
2010/1xxx/CVE-2010-1495.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1495",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1004-exploits/joomlamatamko-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/joomlamatamko-lfi.txt"
},
{
"name" : "12286",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12286"
},
{
"name" : "39550",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39550"
},
{
"name" : "63918",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/63918"
},
{
"name" : "39523",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39523"
},
{
"name" : "ADV-2010-0929",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0929"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12286",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12286"
},
{
"name": "39523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39523"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlamatamko-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlamatamko-lfi.txt"
},
{
"name": "63918",
"refsource": "OSVDB",
"url": "http://osvdb.org/63918"
},
{
"name": "39550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39550"
},
{
"name": "ADV-2010-0929",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0929"
}
]
}
}

160
2010/1xxx/CVE-2010-1534.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1534",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12067",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12067"
},
{
"name" : "39213",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39213"
},
{
"name" : "63562",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/63562"
},
{
"name" : "39352",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39352"
},
{
"name" : "shoutbox-controller-file-include(57534)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57534"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "shoutbox-controller-file-include(57534)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57534"
},
{
"name": "39352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39352"
},
{
"name": "63562",
"refsource": "OSVDB",
"url": "http://osvdb.org/63562"
},
{
"name": "39213",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39213"
},
{
"name": "12067",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12067"
}
]
}
}

170
2010/1xxx/CVE-2010-1625.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1625",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-4497 and CVE-2010-1448."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100503 Re: CVE request: lxr",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127289957223005&w=2"
},
{
"name" : "[oss-security] 20100503 Re: CVE request: lxr",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/05/03/7"
},
{
"name" : "[oss-security] 20100506 Re: CVE request: lxr",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127316953819027&w=2"
},
{
"name" : "[oss-security] 20100506 Re: CVE request: lxr",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/05/06/2"
},
{
"name" : "[oss-security] 20100514 Re: CVE request: lxr",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/05/14/3"
},
{
"name" : "http://sourceforge.net/projects/lxr/files/stable/lxr-0.9.7/ChangeLog/download",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/projects/lxr/files/stable/lxr-0.9.7/ChangeLog/download"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-4497 and CVE-2010-1448."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100514 Re: CVE request: lxr",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/05/14/3"
},
{
"name": "[oss-security] 20100506 Re: CVE request: lxr",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127316953819027&w=2"
},
{
"name": "[oss-security] 20100503 Re: CVE request: lxr",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/05/03/7"
},
{
"name": "[oss-security] 20100506 Re: CVE request: lxr",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/05/06/2"
},
{
"name": "[oss-security] 20100503 Re: CVE request: lxr",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127289957223005&w=2"
},
{
"name": "http://sourceforge.net/projects/lxr/files/stable/lxr-0.9.7/ChangeLog/download",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/lxr/files/stable/lxr-0.9.7/ChangeLog/download"
}
]
}
}

250
2010/1xxx/CVE-2010-1675.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1675",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.quagga.net/news2.php?y=2011&m=3&d=21#id1300723200",
"refsource" : "CONFIRM",
"url" : "http://www.quagga.net/news2.php?y=2011&m=3&d=21#id1300723200"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=654614",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=654614"
},
{
"name" : "DSA-2197",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2197"
},
{
"name" : "GLSA-201202-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201202-02.xml"
},
{
"name" : "MDVSA-2011:058",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:058"
},
{
"name" : "SUSE-SU-2011:1316",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html"
},
{
"name" : "SUSE-SR:2011:005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name" : "46943",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46943"
},
{
"name" : "71258",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/71258"
},
{
"name" : "43499",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43499"
},
{
"name" : "43770",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43770"
},
{
"name" : "48106",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48106"
},
{
"name" : "ADV-2011-0711",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0711"
},
{
"name" : "quagga-aspath-dos(66212)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=654614",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=654614"
},
{
"name": "71258",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71258"
},
{
"name": "SUSE-SR:2011:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "quagga-aspath-dos(66212)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66212"
},
{
"name": "GLSA-201202-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201202-02.xml"
},
{
"name": "SUSE-SU-2011:1316",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html"
},
{
"name": "43770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43770"
},
{
"name": "48106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48106"
},
{
"name": "DSA-2197",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2197"
},
{
"name": "ADV-2011-0711",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0711"
},
{
"name": "46943",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46943"
},
{
"name": "http://www.quagga.net/news2.php?y=2011&m=3&d=21#id1300723200",
"refsource": "CONFIRM",
"url": "http://www.quagga.net/news2.php?y=2011&m=3&d=21#id1300723200"
},
{
"name": "MDVSA-2011:058",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:058"
},
{
"name": "43499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43499"
}
]
}
}

120
2010/5xxx/CVE-2010-5259.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5259",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple untrusted search path vulnerabilities in IsoBuster 2.8 allow local users to gain privileges via a Trojan horse (1) wnaspi32.dll or (2) ntaspi32.dll file in the current working directory, as demonstrated by a directory that contains a .img file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41243",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41243"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple untrusted search path vulnerabilities in IsoBuster 2.8 allow local users to gain privileges via a Trojan horse (1) wnaspi32.dll or (2) ntaspi32.dll file in the current working directory, as demonstrated by a directory that contains a .img file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41243"
}
]
}
}

170
2014/0xxx/CVE-2014-0491.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0491",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2014-0491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-02.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-02.html"
},
{
"name" : "RHSA-2014:0028",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0028.html"
},
{
"name" : "openSUSE-SU-2014:0128",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00006.html"
},
{
"name" : "1029602",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029602"
},
{
"name" : "56516",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56516"
},
{
"name" : "56636",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56636"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:0128",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00006.html"
},
{
"name": "RHSA-2014:0028",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0028.html"
},
{
"name": "56636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56636"
},
{
"name": "1029602",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029602"
},
{
"name": "56516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56516"
},
{
"name": "http://helpx.adobe.com/security/products/flash-player/apsb14-02.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-02.html"
}
]
}
}

190
2014/0xxx/CVE-2014-0611.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0611",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.novell.com/support/kb/doc.php?id=7016653",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/kb/doc.php?id=7016653"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=909584",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=909584"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=909586",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=909586"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=909587",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=909587"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=909588",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=909588"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=909590",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=909590"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=930467",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=930467"
},
{
"name" : "1032978",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032978"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032978",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032978"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7016653",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7016653"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909590",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909590"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909587",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909587"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909588",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909588"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909584",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909584"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909586",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909586"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=930467",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930467"
}
]
}
}

120
2014/0xxx/CVE-2014-0722.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0722",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140211 Cisco Unified Communications Manager Unauthenticated log4jinit Access Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0722"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140211 Cisco Unified Communications Manager Unauthenticated log4jinit Access Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0722"
}
]
}
}

34
2014/1xxx/CVE-2014-1411.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1411",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1411",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/1xxx/CVE-2014-1686.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1686",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140312 CVE-2014-1686 -- Information disclosure: webserver source path in Mediawiki 1.18.0",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Mar/102"
},
{
"name" : "https://packetstormsecurity.com/files/125682",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/125682"
},
{
"name" : "66141",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66141"
},
{
"name" : "mediawiki-cve20141686-path-disclosure(91847)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91847"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mediawiki-cve20141686-path-disclosure(91847)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91847"
},
{
"name": "https://packetstormsecurity.com/files/125682",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/125682"
},
{
"name": "66141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66141"
},
{
"name": "20140312 CVE-2014-1686 -- Information disclosure: webserver source path in Mediawiki 1.18.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/102"
}
]
}
}

250
2014/1xxx/CVE-2014-1748.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1748",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-1748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=331168",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=331168"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=170625&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=170625&view=revision"
},
{
"name" : "http://support.apple.com/kb/HT6596",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6596"
},
{
"name" : "APPLE-SA-2014-12-2-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html"
},
{
"name" : "DSA-2939",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2939"
},
{
"name" : "GLSA-201408-16",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name" : "openSUSE-SU-2016:0915",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html"
},
{
"name" : "openSUSE-SU-2014:0783",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html"
},
{
"name" : "USN-2937-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2937-1"
},
{
"name" : "1030270",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030270"
},
{
"name" : "58920",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58920"
},
{
"name" : "59155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59155"
},
{
"name" : "60372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60372"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=331168",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=331168"
},
{
"name": "DSA-2939",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2939"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html"
},
{
"name": "GLSA-201408-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name": "60372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60372"
},
{
"name": "openSUSE-SU-2014:0783",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html"
},
{
"name": "59155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59155"
},
{
"name": "openSUSE-SU-2016:0915",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html"
},
{
"name": "http://support.apple.com/kb/HT6596",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6596"
},
{
"name": "APPLE-SA-2014-12-2-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html"
},
{
"name": "58920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58920"
},
{
"name": "1030270",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030270"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=170625&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=170625&view=revision"
},
{
"name": "USN-2937-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2937-1"
}
]
}
}

180
2014/1xxx/CVE-2014-1854.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1854",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140220 SQL Injection in AdRotate",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/531176/100/0/threaded"
},
{
"name" : "31834",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/31834"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23201",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23201"
},
{
"name" : "http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5",
"refsource" : "CONFIRM",
"url" : "http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5"
},
{
"name" : "65709",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65709"
},
{
"name" : "57079",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57079"
},
{
"name" : "adrotate-track-sql-injection(91253)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91253"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "adrotate-track-sql-injection(91253)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91253"
},
{
"name": "http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5",
"refsource": "CONFIRM",
"url": "http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5"
},
{
"name": "20140220 SQL Injection in AdRotate",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/531176/100/0/threaded"
},
{
"name": "https://www.htbridge.com/advisory/HTB23201",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23201"
},
{
"name": "65709",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65709"
},
{
"name": "31834",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/31834"
},
{
"name": "57079",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57079"
}
]
}
}

240
2014/4xxx/CVE-2014-4412.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4412",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT6440",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6440"
},
{
"name" : "https://support.apple.com/kb/HT6537",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6537"
},
{
"name" : "http://support.apple.com/kb/HT6441",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6441"
},
{
"name" : "http://support.apple.com/kb/HT6442",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6442"
},
{
"name" : "APPLE-SA-2014-09-17-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name" : "APPLE-SA-2014-09-17-2",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name" : "GLSA-201612-41",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-41"
},
{
"name" : "69881",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69881"
},
{
"name" : "69973",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69973"
},
{
"name" : "1030866",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030866"
},
{
"name" : "61306",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61306"
},
{
"name" : "61318",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61318"
},
{
"name" : "apple-cve20144412-code-exec(96032)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96032"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69973"
},
{
"name": "http://support.apple.com/kb/HT6441",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "https://support.apple.com/kb/HT6537",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6537"
},
{
"name": "1030866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030866"
},
{
"name": "http://support.apple.com/kb/HT6442",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6442"
},
{
"name": "61318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61318"
},
{
"name": "APPLE-SA-2014-09-17-2",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name": "69881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69881"
},
{
"name": "APPLE-SA-2014-09-17-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name": "apple-cve20144412-code-exec(96032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96032"
},
{
"name": "http://support.apple.com/kb/HT6440",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6440"
},
{
"name": "61306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61306"
},
{
"name": "GLSA-201612-41",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-41"
}
]
}
}

160
2014/4xxx/CVE-2014-4433.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4433",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/HT6535",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6535"
},
{
"name" : "APPLE-SA-2014-10-16-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name" : "70620",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70620"
},
{
"name" : "1031063",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031063"
},
{
"name" : "macosx-cve20144433-bo(97634)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97634"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70620"
},
{
"name": "APPLE-SA-2014-10-16-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "1031063",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031063"
},
{
"name": "https://support.apple.com/kb/HT6535",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6535"
},
{
"name": "macosx-cve20144433-bo(97634)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97634"
}
]
}
}

130
2014/5xxx/CVE-2014-5183.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5183",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://codevigilant.com/disclosure/wp-plugin-simple-retail-menus-a1-injection",
"refsource" : "MISC",
"url" : "http://codevigilant.com/disclosure/wp-plugin-simple-retail-menus-a1-injection"
},
{
"name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=861170%40simple-retail-menus&old=728969%40simple-retail-menus&sfp_email=&sfph_mail=#file1",
"refsource" : "CONFIRM",
"url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=861170%40simple-retail-menus&old=728969%40simple-retail-menus&sfp_email=&sfph_mail=#file1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://codevigilant.com/disclosure/wp-plugin-simple-retail-menus-a1-injection",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-simple-retail-menus-a1-injection"
},
{
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=861170%40simple-retail-menus&old=728969%40simple-retail-menus&sfp_email=&sfph_mail=#file1",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=861170%40simple-retail-menus&old=728969%40simple-retail-menus&sfp_email=&sfph_mail=#file1"
}
]
}
}

160
2014/5xxx/CVE-2014-5451.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5451",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the \"a\" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140917 Reflected Cross-Site Scripting (XSS) in MODX Revolution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533466/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/128302/MODX-Revolution-2.3.1-pl-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128302/MODX-Revolution-2.3.1-pl-Cross-Site-Scripting.html"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23229",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23229"
},
{
"name" : "https://github.com/modxcms/revolution/commit/e36f80f18e9514204bf2ce82747c8adf7e47a9c9",
"refsource" : "CONFIRM",
"url" : "https://github.com/modxcms/revolution/commit/e36f80f18e9514204bf2ce82747c8adf7e47a9c9"
},
{
"name" : "69884",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69884"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the \"a\" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128302/MODX-Revolution-2.3.1-pl-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128302/MODX-Revolution-2.3.1-pl-Cross-Site-Scripting.html"
},
{
"name": "20140917 Reflected Cross-Site Scripting (XSS) in MODX Revolution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533466/100/0/threaded"
},
{
"name": "https://github.com/modxcms/revolution/commit/e36f80f18e9514204bf2ce82747c8adf7e47a9c9",
"refsource": "CONFIRM",
"url": "https://github.com/modxcms/revolution/commit/e36f80f18e9514204bf2ce82747c8adf7e47a9c9"
},
{
"name": "https://www.htbridge.com/advisory/HTB23229",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23229"
},
{
"name": "69884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69884"
}
]
}
}

260
2014/5xxx/CVE-2014-5461.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5461",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-5461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140821 CVE request: possible overflow in vararg functions",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/08/21/1"
},
{
"name" : "[oss-security] 20140821 Re: CVE request: possible overflow in vararg functions",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/08/21/4"
},
{
"name" : "[oss-security] 20140827 Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions]",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/08/27/2"
},
{
"name" : "http://www.lua.org/bugs.html#5.2.2-1",
"refsource" : "CONFIRM",
"url" : "http://www.lua.org/bugs.html#5.2.2-1"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0414.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0414.html"
},
{
"name" : "DSA-3015",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3015"
},
{
"name" : "DSA-3016",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3016"
},
{
"name" : "GLSA-201701-53",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-53"
},
{
"name" : "MDVSA-2015:144",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144"
},
{
"name" : "openSUSE-SU-2014:1145",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html"
},
{
"name" : "USN-2338-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2338-1"
},
{
"name" : "69342",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69342"
},
{
"name" : "59890",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59890"
},
{
"name" : "60869",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60869"
},
{
"name" : "61411",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61411"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140821 Re: CVE request: possible overflow in vararg functions",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/08/21/4"
},
{
"name": "USN-2338-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2338-1"
},
{
"name": "GLSA-201701-53",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-53"
},
{
"name": "[oss-security] 20140827 Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/08/27/2"
},
{
"name": "69342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69342"
},
{
"name": "59890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59890"
},
{
"name": "MDVSA-2015:144",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144"
},
{
"name": "DSA-3016",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3016"
},
{
"name": "[oss-security] 20140821 CVE request: possible overflow in vararg functions",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/08/21/1"
},
{
"name": "60869",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60869"
},
{
"name": "DSA-3015",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3015"
},
{
"name": "61411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61411"
},
{
"name": "http://www.lua.org/bugs.html#5.2.2-1",
"refsource": "CONFIRM",
"url": "http://www.lua.org/bugs.html#5.2.2-1"
},
{
"name": "openSUSE-SU-2014:1145",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0414.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0414.html"
}
]
}
}

140
2014/5xxx/CVE-2014-5675.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5675",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Phonegram - Instagram Download (aka com.pinssible.padgram) application 1.9.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#476193",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/476193"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Phonegram - Instagram Download (aka com.pinssible.padgram) application 1.9.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#476193",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/476193"
}
]
}
}

140
2014/5xxx/CVE-2014-5682.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5682",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Retale - Weekly Ads & Deals (aka com.retale.android) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#383617",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/383617"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Retale - Weekly Ads & Deals (aka com.retale.android) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#383617",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/383617"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/5xxx/CVE-2014-5995.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5995",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The eWUS mobile (aka pl.dreryk.ewustest) application 1.4.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#399193",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/399193"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The eWUS mobile (aka pl.dreryk.ewustest) application 1.4.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#399193",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/399193"
}
]
}
}

34
2016/10xxx/CVE-2016-10022.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10022",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-10022",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/10xxx/CVE-2016-10739.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10739",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1347549",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1347549"
},
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20018",
"refsource" : "MISC",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20018"
},
{
"name" : "106672",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106672"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=20018",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20018"
},
{
"name": "106672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106672"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1347549",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347549"
}
]
}
}

140
2016/3xxx/CVE-2016-3315.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka \"Microsoft OneNote Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-099",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
},
{
"name" : "92294",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92294"
},
{
"name" : "1036559",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036559"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka \"Microsoft OneNote Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036559",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036559"
},
{
"name": "92294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92294"
},
{
"name": "MS16-099",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
}
]
}
}

130
2016/3xxx/CVE-2016-3628.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3628",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt"
},
{
"name" : "http://www.tibco.com/mk/advisory.jsp",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/mk/advisory.jsp"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt"
}
]
}
}

140
2016/3xxx/CVE-2016-3635.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3635",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20161011 Onapsis Security Advisory ONAPSIS-2016-002: SAP UCON Security Protection bypass",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Oct/48"
},
{
"name" : "https://www.onapsis.com/research/security-advisories/sap-ucon-security-protection-bypass",
"refsource" : "MISC",
"url" : "https://www.onapsis.com/research/security-advisories/sap-ucon-security-protection-bypass"
},
{
"name" : "93501",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93501"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93501"
},
{
"name": "https://www.onapsis.com/research/security-advisories/sap-ucon-security-protection-bypass",
"refsource": "MISC",
"url": "https://www.onapsis.com/research/security-advisories/sap-ucon-security-protection-bypass"
},
{
"name": "20161011 Onapsis Security Advisory ONAPSIS-2016-002: SAP UCON Security Protection bypass",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Oct/48"
}
]
}
}

140
2016/3xxx/CVE-2016-3643.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3643",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by \"sudo cat /etc/passwd.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39967",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39967/"
},
{
"name" : "20160615 CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Jun/26"
},
{
"name" : "http://packetstormsecurity.com/files/137487/Solarwinds-Virtualization-Manager-6.3.1-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/137487/Solarwinds-Virtualization-Manager-6.3.1-Privilege-Escalation.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by \"sudo cat /etc/passwd.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39967",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39967/"
},
{
"name": "20160615 CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jun/26"
},
{
"name": "http://packetstormsecurity.com/files/137487/Solarwinds-Virtualization-Manager-6.3.1-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137487/Solarwinds-Virtualization-Manager-6.3.1-Privilege-Escalation.html"
}
]
}
}

120
2016/3xxx/CVE-2016-3676.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3676",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to a fake network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-dongle-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-dongle-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to a fake network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-dongle-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-dongle-en"
}
]
}
}

130
2016/3xxx/CVE-2016-3957.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3957",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://devco.re/blog/2017/01/03/web2py-unserialize-code-execution-CVE-2016-3957/",
"refsource" : "MISC",
"url" : "https://devco.re/blog/2017/01/03/web2py-unserialize-code-execution-CVE-2016-3957/"
},
{
"name" : "https://github.com/web2py/web2py/blob/R-2.14.1/gluon/utils.py#L200",
"refsource" : "MISC",
"url" : "https://github.com/web2py/web2py/blob/R-2.14.1/gluon/utils.py#L200"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://devco.re/blog/2017/01/03/web2py-unserialize-code-execution-CVE-2016-3957/",
"refsource": "MISC",
"url": "https://devco.re/blog/2017/01/03/web2py-unserialize-code-execution-CVE-2016-3957/"
},
{
"name": "https://github.com/web2py/web2py/blob/R-2.14.1/gluon/utils.py#L200",
"refsource": "MISC",
"url": "https://github.com/web2py/web2py/blob/R-2.14.1/gluon/utils.py#L200"
}
]
}
}

34
2016/8xxx/CVE-2016-8240.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8240",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8240",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

220
2016/8xxx/CVE-2016-8645.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-8645",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161111 CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/11/11/3"
},
{
"name" : "[oss-security] 20161130 Re: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/11/30/3"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1393904",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1393904"
},
{
"name" : "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3"
},
{
"name" : "RHSA-2017:2669",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name" : "RHSA-2017:1842",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"name" : "RHSA-2017:2077",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name" : "94264",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94264"
},
{
"name" : "1037285",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037285"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161130 Re: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/30/3"
},
{
"name": "RHSA-2017:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1393904",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393904"
},
{
"name": "94264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94264"
},
{
"name": "1037285",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037285"
},
{
"name": "RHSA-2017:2077",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name": "RHSA-2017:1842",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10"
},
{
"name": "[oss-security] 20161111 CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/11/3"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3"
},
{
"name": "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3"
}
]
}
}

160
2016/9xxx/CVE-2016-9109.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9109",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-7563."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161030 Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/30/13"
},
{
"name" : "[oss-security] 20161030 Re: Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/30/4"
},
{
"name" : "[oss-security] 20161107 Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/11/07/5"
},
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697136#c4",
"refsource" : "CONFIRM",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697136#c4"
},
{
"name" : "94150",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-7563."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161030 Re: Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/4"
},
{
"name": "94150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94150"
},
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=697136#c4",
"refsource": "CONFIRM",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697136#c4"
},
{
"name": "[oss-security] 20161107 Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/07/5"
},
{
"name": "[oss-security] 20161030 Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/13"
}
]
}
}

34
2016/9xxx/CVE-2016-9174.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9174",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9174",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

190
2016/9xxx/CVE-2016-9817.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161129 Xen Security Advisory 201 - ARM guests may induce host asynchronous abort",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/11/29/3"
},
{
"name" : "[oss-security] 20161204 Re: Xen Security Advisory 201 - ARM guests may induce host asynchronous abort",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/05/7"
},
{
"name" : "http://xenbits.xen.org/xsa/advisory-201.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-201.html"
},
{
"name" : "http://xenbits.xen.org/xsa/xsa201-3-4.7.patch",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/xsa201-3-4.7.patch"
},
{
"name" : "http://xenbits.xen.org/xsa/xsa201-3.patch",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/xsa201-3.patch"
},
{
"name" : "GLSA-201612-56",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-56"
},
{
"name" : "94581",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94581"
},
{
"name" : "1037358",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037358"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-201.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-201.html"
},
{
"name": "GLSA-201612-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-56"
},
{
"name": "http://xenbits.xen.org/xsa/xsa201-3-4.7.patch",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/xsa201-3-4.7.patch"
},
{
"name": "1037358",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037358"
},
{
"name": "[oss-security] 20161129 Xen Security Advisory 201 - ARM guests may induce host asynchronous abort",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/29/3"
},
{
"name": "94581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94581"
},
{
"name": "http://xenbits.xen.org/xsa/xsa201-3.patch",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/xsa201-3.patch"
},
{
"name": "[oss-security] 20161204 Re: Xen Security Advisory 201 - ARM guests may induce host asynchronous abort",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/7"
}
]
}
}

178
2016/9xxx/CVE-2016-9988.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-06-30T00:00:00",
"ID" : "CVE-2016-9988",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jazz Reporting Service",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120554."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-06-30T00:00:00",
"ID": "CVE-2016-9988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jazz Reporting Service",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "5.0.1"
},
{
"version_value": "5.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120554",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120554"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22001007",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22001007"
},
{
"name" : "99353",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99353"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120554."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120554",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120554"
},
{
"name": "99353",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99353"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22001007",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001007"
}
]
}
}

34
2019/2xxx/CVE-2019-2010.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2010",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2010",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2331.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2331",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2331",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2683.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2683",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2683",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6040.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6040",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6040",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6142.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6142",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6142",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6272.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6272",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6272",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6757.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6757",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6757",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/7xxx/CVE-2019-7627.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7627",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7627",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2019/7xxx/CVE-2019-7744.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7744",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://developer.joomla.org/security-centre/765-20190201-core-lack-of-url-filtering-in-various-core-components",
"refsource" : "MISC",
"url" : "https://developer.joomla.org/security-centre/765-20190201-core-lack-of-url-filtering-in-various-core-components"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/765-20190201-core-lack-of-url-filtering-in-various-core-components",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/765-20190201-core-lack-of-url-filtering-in-various-core-components"
}
]
}
}