admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:23:03 +00:00
parent 517c748976
commit 547211abac
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4337 additions and 4337 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2006/1xxx/CVE-2006-1702.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1702", "ID": "CVE-2006-1702",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060409 Vulnerabilities in SPIP", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/430443/100/0/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter."
{ }
"name" : "17423", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/17423" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "spip-spiplogin-file-include(25711)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25711" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "17423",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17423"
},
{
"name": "20060409 Vulnerabilities in SPIP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430443/100/0/threaded"
},
{
"name": "spip-spiplogin-file-include(25711)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25711"
}
]
}
}

210
2006/1xxx/CVE-2006-1884.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1884", "ID": "CVE-2006-1884",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01."
{ }
"name" : "HPSBMA02113", ]
"refsource" : "HP", },
"url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT061148", "description": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17590", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/17590" ]
}, },
{ "references": {
"name" : "ADV-2006-1397", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1397" "name": "19712",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19712"
"name" : "ADV-2006-1571", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1571" "name": "oracle-ebusiness-multiple-unspecifed(26058)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26058"
"name" : "1015961", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015961" "name": "19859",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19859"
"name" : "19712", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19712" "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html"
"name" : "19859", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19859" "name": "ADV-2006-1571",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1571"
"name" : "oracle-ebusiness-multiple-unspecifed(26058)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26058" "name": "17590",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/17590"
} },
} {
"name": "SSRT061148",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded"
},
{
"name": "ADV-2006-1397",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1397"
},
{
"name": "HPSBMA02113",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded"
},
{
"name": "1015961",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015961"
}
]
}
}

170
2006/5xxx/CVE-2006-5125.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5125", "ID": "CVE-2006-5125",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in window.php, possibly used by home.php, in Joshua Muheim phpMyWebmin 1.0 allows remote attackers to obtain sensitive information via a directory name in the target parameter, which triggers a directory listing through the opendir function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://kernel-32.blogspot.com/2006/09/php-mywebmin-10-remote-file-include.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://kernel-32.blogspot.com/2006/09/php-mywebmin-10-remote-file-include.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in window.php, possibly used by home.php, in Joshua Muheim phpMyWebmin 1.0 allows remote attackers to obtain sensitive information via a directory name in the target parameter, which triggers a directory listing through the opendir function."
{ }
"name" : "2451", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/2451" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20264", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20264" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-3846", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/3846" ]
}, },
{ "references": {
"name" : "22178", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22178" "name": "ADV-2006-3846",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3846"
"name" : "phpmywebmin-window-info-disclosure(29259)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29259" "name": "20264",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/20264"
} },
} {
"name": "2451",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2451"
},
{
"name": "22178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22178"
},
{
"name": "phpmywebmin-window-info-disclosure(29259)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29259"
},
{
"name": "http://kernel-32.blogspot.com/2006/09/php-mywebmin-10-remote-file-include.html",
"refsource": "MISC",
"url": "http://kernel-32.blogspot.com/2006/09/php-mywebmin-10-remote-file-include.html"
}
]
}
}

140
2006/5xxx/CVE-2006-5423.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5423", "ID": "CVE-2006-5423",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in admin/admin_module.php in Lou Portail 1.4.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the g_admin_rep parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20609", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20609" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in admin/admin_module.php in Lou Portail 1.4.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the g_admin_rep parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
{ }
"name" : "ADV-2006-4087", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/4087" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "22461", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22461" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "22461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22461"
},
{
"name": "20609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20609"
},
{
"name": "ADV-2006-4087",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4087"
}
]
}
}

330
2006/5xxx/CVE-2006-5542.json
View File

@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5542", "ID": "CVE-2006-5542",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://projects.commandprompt.com/public/pgsql/changeset/25953", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://projects.commandprompt.com/public/pgsql/changeset/25953" "lang": "eng",
}, "value": "backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements."
{ }
"name" : "http://www.postgresql.org/about/news.664", ]
"refsource" : "CONFIRM", },
"url" : "http://www.postgresql.org/about/news.664" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm", ]
"refsource" : "CONFIRM", }
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm" ]
}, },
{ "references": {
"name" : "MDKSA-2006:194", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:194" "name": "MDKSA-2006:194",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:194"
"name" : "RHSA-2007:0067", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0067.html" "name": "USN-369-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-369-2"
"name" : "RHSA-2007:0068", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0068.html" "name": "1017115",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1017115"
"name" : "SUSE-SR:2006:027", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_27_sr.html" "name": "RHSA-2007:0068",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2007-0068.html"
"name" : "2006-0059", },
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.org/errata/2006/0059/" "name": "ADV-2006-4182",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4182"
"name" : "USN-369-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-369-1" "name": "22606",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22606"
"name" : "USN-369-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-369-2" "name": "http://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html",
}, "refsource": "CONFIRM",
{ "url": "http://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html"
"name" : "20717", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20717" "name": "http://www.postgresql.org/about/news.664",
}, "refsource": "CONFIRM",
{ "url": "http://www.postgresql.org/about/news.664"
"name" : "oval:org.mitre.oval:def:10122", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10122" "name": "oval:org.mitre.oval:def:10122",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10122"
"name" : "ADV-2006-4182", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4182" "name": "23048",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23048"
"name" : "1017115", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017115" "name": "24577",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/24577"
"name" : "22562", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22562" "name": "SUSE-SR:2006:027",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_27_sr.html"
"name" : "22584", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22584" "name": "http://projects.commandprompt.com/public/pgsql/changeset/25953",
}, "refsource": "CONFIRM",
{ "url": "http://projects.commandprompt.com/public/pgsql/changeset/25953"
"name" : "22636", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22636" "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm"
"name" : "22606", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22606" "name": "23132",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23132"
"name" : "23048", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23048" "name": "USN-369-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-369-1"
"name" : "23132", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23132" "name": "22636",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22636"
"name" : "24577", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24577" "name": "RHSA-2007:0067",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2007-0067.html"
} },
} {
"name": "2006-0059",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0059/"
},
{
"name": "22562",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22562"
},
{
"name": "22584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22584"
},
{
"name": "20717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20717"
}
]
}
}

160
2006/5xxx/CVE-2006-5640.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5640", "ID": "CVE-2006-5640",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2684", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2684" "lang": "eng",
}, "value": "SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter."
{ }
"name" : "20802", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20802" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4277", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4277" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22600", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/22600" ]
}, },
{ "references": {
"name" : "technodreamsgb-guestbook-sql-injection(29869)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29869" "name": "22600",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/22600"
} },
} {
"name": "20802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20802"
},
{
"name": "ADV-2006-4277",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4277"
},
{
"name": "technodreamsgb-guestbook-sql-injection(29869)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29869"
},
{
"name": "2684",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2684"
}
]
}
}

140
2006/5xxx/CVE-2006-5805.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5805", "ID": "CVE-2006-5805",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061103 IE7 website security certificate discrediting exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/450722/100/0/threaded" "lang": "eng",
}, "value": "Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid."
{ }
"name" : "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html", ]
"refsource" : "MISC", },
"url" : "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1017165", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017165" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1017165",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017165"
},
{
"name": "20061103 IE7 website security certificate discrediting exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450722/100/0/threaded"
},
{
"name": "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html",
"refsource": "MISC",
"url": "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html"
}
]
}
}

150
2006/5xxx/CVE-2006-5838.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5838", "ID": "CVE-2006-5838",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in lib/class.Database.php in NewP News Publication System 1.0.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061107 News publication system remote File include", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/450823/100/0/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in lib/class.Database.php in NewP News Publication System 1.0.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the path parameter."
{ }
"name" : "20893", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20893" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1835", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1835" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "newp-database-file-include(30086)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30086" ]
} },
] "references": {
} "reference_data": [
} {
"name": "newp-database-file-include(30086)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30086"
},
{
"name": "1835",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1835"
},
{
"name": "20061107 News publication system remote File include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450823/100/0/threaded"
},
{
"name": "20893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20893"
}
]
}
}

180
2007/2xxx/CVE-2007-2009.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2009", "ID": "CVE-2007-2009",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070411 New bug :)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/465343/100/100/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter."
{ }
"name" : "3705", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/3705" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20070412 true: SimpCMS Light RFI", "description": [
"refsource" : "VIM", {
"url" : "http://www.attrition.org/pipermail/vim/2007-April/001513.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "23439", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/23439" ]
}, },
{ "references": {
"name" : "ADV-2007-1348", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1348" "name": "ADV-2007-1348",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/1348"
"name" : "24851", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24851" "name": "simpcms-index-file-include(33572)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33572"
"name" : "simpcms-index-file-include(33572)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33572" "name": "3705",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/3705"
} },
} {
"name": "20070412 true: SimpCMS Light RFI",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-April/001513.html"
},
{
"name": "20070411 New bug :)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465343/100/100/threaded"
},
{
"name": "24851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24851"
},
{
"name": "23439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23439"
}
]
}
}

170
2007/2xxx/CVE-2007-2373.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2373", "ID": "CVE-2007-2373",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080218 XOOPS Module wflinks SQL Injection(cid)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/488316/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter."
{ }
"name" : "20080220 Re: XOOPS Module wflinks SQL Injection(cid)", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/488375/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3670", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/3670" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.org/0704-exploits/xoopswflinks-sql.txt", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.org/0704-exploits/xoopswflinks-sql.txt" ]
}, },
{ "references": {
"name" : "23340", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/23340" "name": "3670",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/3670"
"name" : "ADV-2007-1275", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1275" "name": "http://packetstormsecurity.org/0704-exploits/xoopswflinks-sql.txt",
} "refsource": "MISC",
] "url": "http://packetstormsecurity.org/0704-exploits/xoopswflinks-sql.txt"
} },
} {
"name": "23340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23340"
},
{
"name": "20080220 Re: XOOPS Module wflinks SQL Injection(cid)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488375/100/0/threaded"
},
{
"name": "20080218 XOOPS Module wflinks SQL Injection(cid)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488316/100/0/threaded"
},
{
"name": "ADV-2007-1275",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1275"
}
]
}
}

210
2007/2xxx/CVE-2007-2392.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2392", "ID": "CVE-2007-2392",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://docs.info.apple.com/article.html?artnum=305947", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://docs.info.apple.com/article.html?artnum=305947" "lang": "eng",
}, "value": "Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption."
{ }
"name" : "APPLE-SA-2007-07-11", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA07-193A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-193A.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#582681", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/582681" ]
}, },
{ "references": {
"name" : "24873", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24873" "name": "26034",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26034"
"name" : "ADV-2007-2510", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2510" "name": "1018373",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018373"
"name" : "36136", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/36136" "name": "VU#582681",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/582681"
"name" : "1018373", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018373" "name": "TA07-193A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html"
"name" : "26034", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26034" "name": "quicktime-moviefile-code-execution(35353)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35353"
"name" : "quicktime-moviefile-code-execution(35353)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35353" "name": "ADV-2007-2510",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2007/2510"
} },
} {
"name": "24873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24873"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305947",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305947"
},
{
"name": "36136",
"refsource": "OSVDB",
"url": "http://osvdb.org/36136"
},
{
"name": "APPLE-SA-2007-07-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html"
}
]
}
}

170
2007/2xxx/CVE-2007-2421.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2421", "ID": "CVE-2007-2421",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-009_e/index-e.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-009_e/index-e.html" "lang": "eng",
}, "value": "Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors."
{ }
"name" : "23690", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/23690" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-1562", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1562" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "35437", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/35437" ]
}, },
{ "references": {
"name" : "25020", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25020" "name": "ADV-2007-1562",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/1562"
"name" : "hitachi-groupmax-unspecified-bo(33953)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33953" "name": "35437",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/35437"
} },
} {
"name": "23690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23690"
},
{
"name": "hitachi-groupmax-unspecified-bo(33953)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33953"
},
{
"name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-009_e/index-e.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-009_e/index-e.html"
},
{
"name": "25020",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25020"
}
]
}
}

150
2007/2xxx/CVE-2007-2999.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2999", "ID": "CVE-2007-2999",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windows-server-2003-allows-username-enumeration/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windows-server-2003-allows-username-enumeration/" "lang": "eng",
}, "value": "Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names."
{ }
"name" : "24248", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24248" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36138", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/36138" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25457", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/25457" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windows-server-2003-allows-username-enumeration/",
"refsource": "MISC",
"url": "http://www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windows-server-2003-allows-username-enumeration/"
},
{
"name": "25457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25457"
},
{
"name": "24248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24248"
},
{
"name": "36138",
"refsource": "OSVDB",
"url": "http://osvdb.org/36138"
}
]
}
}

170
2007/6xxx/CVE-2007-6471.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6471", "ID": "CVE-2007-6471",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\\ (dot dot backslash) in the config parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20071214 Phpay - Local File Inclusion", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/485149/100/0/threaded" "lang": "eng",
}, "value": "Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\\ (dot dot backslash) in the config parameter."
{ }
"name" : "26881", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/26881" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-4231", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/4231" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28111", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/28111" ]
}, },
{ "references": {
"name" : "3466", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3466" "name": "ADV-2007-4231",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/4231"
"name" : "phpay-main-file-include(39063)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39063" "name": "20071214 Phpay - Local File Inclusion",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/485149/100/0/threaded"
} },
} {
"name": "26881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26881"
},
{
"name": "phpay-main-file-include(39063)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39063"
},
{
"name": "28111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28111"
},
{
"name": "3466",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3466"
}
]
}
}

160
2007/6xxx/CVE-2007-6707.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6707", "ID": "CVE-2007-6707",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080301 The Router Hacking Challenge is Over!", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574."
{ }
"name" : "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/", ]
"refsource" : "MISC", },
"url" : "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/", "description": [
"refsource" : "MISC", {
"url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "43539", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/43539" ]
}, },
{ "references": {
"name" : "linksys-wag54gs-setup-xss(41270)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41270" "name": "20080301 The Router Hacking Challenge is Over!",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
} },
} {
"name": "linksys-wag54gs-setup-xss(41270)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41270"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "43539",
"refsource": "OSVDB",
"url": "http://osvdb.org/43539"
}
]
}
}

370
2010/0xxx/CVE-2010-0177.json
View File

@ -1,187 +1,187 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0177", "ID": "CVE-2010-0177",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a \"dangling pointer vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100402 ZDI-10-049: Mozilla Firefox PluginArray nsMimeType Dangling Pointer Remote Code Execution Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/510540/100/0/threaded" "lang": "eng",
}, "value": "Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a \"dangling pointer vulnerability.\""
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-049", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-049" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-19.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-19.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=538310", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=538310" ]
}, },
{ "references": {
"name" : "DSA-2027", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2027" "name": "20100402 ZDI-10-049: Mozilla Firefox PluginArray nsMimeType Dangling Pointer Remote Code Execution Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/510540/100/0/threaded"
"name" : "MDVSA-2010:070", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070" "name": "39397",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39397"
"name" : "RHSA-2010:0332", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0332.html" "name": "RHSA-2010:0333",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0333.html"
"name" : "RHSA-2010:0333", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0333.html" "name": "39308",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39308"
"name" : "SUSE-SR:2010:013", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" "name": "39136",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39136"
"name" : "USN-921-1", },
"refsource" : "UBUNTU", {
"url" : "http://ubuntu.com/usn/usn-921-1" "name": "firefox-nspluginarray-code-execution(57393)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57393"
"name" : "oval:org.mitre.oval:def:10833", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10833" "name": "ADV-2010-0781",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0781"
"name" : "oval:org.mitre.oval:def:7622", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7622" "name": "USN-921-1",
}, "refsource": "UBUNTU",
{ "url": "http://ubuntu.com/usn/usn-921-1"
"name" : "1023776", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023776" "name": "1023776",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1023776"
"name" : "38566", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38566" "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-19.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-19.html"
"name" : "39117", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39117" "name": "oval:org.mitre.oval:def:7622",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7622"
"name" : "39136", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39136" "name": "SUSE-SR:2010:013",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
"name" : "39240", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39240" "name": "ADV-2010-0764",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0764"
"name" : "39243", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39243" "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-049",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-049"
"name" : "39308", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39308" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=538310",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=538310"
"name" : "39397", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39397" "name": "ADV-2010-0765",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0765"
"name" : "ADV-2010-0748", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0748" "name": "MDVSA-2010:070",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070"
"name" : "ADV-2010-0764", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0764" "name": "38566",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38566"
"name" : "ADV-2010-0765", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0765" "name": "oval:org.mitre.oval:def:10833",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10833"
"name" : "ADV-2010-0781", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0781" "name": "39117",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39117"
"name" : "ADV-2010-0849", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0849" "name": "39243",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39243"
"name" : "firefox-nspluginarray-code-execution(57393)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57393" "name": "ADV-2010-0748",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2010/0748"
} },
} {
"name": "ADV-2010-0849",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0849"
},
{
"name": "DSA-2027",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2027"
},
{
"name": "RHSA-2010:0332",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0332.html"
},
{
"name": "39240",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39240"
}
]
}
}

180
2010/0xxx/CVE-2010-0664.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0664", "ID": "CVE-2010-0664",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://exchange.kg/other/chrome3_0day-denial_of_service_crash.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://exchange.kg/other/chrome3_0day-denial_of_service_crash.html" "lang": "eng",
}, "value": "Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring."
{ }
"name" : "http://twitter.com/akirsanov/statuses/7370288490", ]
"refsource" : "MISC", },
"url" : "http://twitter.com/akirsanov/statuses/7370288490" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/chromium/issues/detail?id=31517", "description": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=31517" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", ]
"refsource" : "CONFIRM", }
"url" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" ]
}, },
{ "references": {
"name" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" "name": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html"
"name" : "oval:org.mitre.oval:def:14097", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14097" "name": "http://code.google.com/p/chromium/issues/detail?id=31517",
}, "refsource": "CONFIRM",
{ "url": "http://code.google.com/p/chromium/issues/detail?id=31517"
"name" : "1023506", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023506" "name": "1023506",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1023506"
} },
} {
"name": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs",
"refsource": "CONFIRM",
"url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs"
},
{
"name": "oval:org.mitre.oval:def:14097",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14097"
},
{
"name": "http://twitter.com/akirsanov/statuses/7370288490",
"refsource": "MISC",
"url": "http://twitter.com/akirsanov/statuses/7370288490"
},
{
"name": "http://exchange.kg/other/chrome3_0day-denial_of_service_crash.html",
"refsource": "MISC",
"url": "http://exchange.kg/other/chrome3_0day-denial_of_service_crash.html"
}
]
}
}

150
2010/1xxx/CVE-2010-1174.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1174", "ID": "CVE-2010-1174",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco TFTP Server 1.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) read (aka RRQ) or (2) write (aka WRQ) request, or other TFTP packet. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "11878", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/11878" "lang": "eng",
}, "value": "Cisco TFTP Server 1.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) read (aka RRQ) or (2) write (aka WRQ) request, or other TFTP packet. NOTE: some of these details are obtained from third party information."
{ }
"name" : "38968", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/38968" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "39116", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39116" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "cisco-tftp-dos(57165)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57165" ]
} },
] "references": {
} "reference_data": [
} {
"name": "39116",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39116"
},
{
"name": "11878",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11878"
},
{
"name": "38968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38968"
},
{
"name": "cisco-tftp-dos(57165)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57165"
}
]
}
}

160
2010/1xxx/CVE-2010-1242.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1242", "ID": "CVE-2010-1242",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24025662", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24025662" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "IO11274", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IO11274" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "39186", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39186" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2010-0733", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2010/0733" ]
}, },
{ "references": {
"name" : "ADV-2011-0834", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0834" "name": "ADV-2011-0834",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2011/0834"
} },
} {
"name": "39186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39186"
},
{
"name": "ADV-2010-0733",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0733"
},
{
"name": "IO11274",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IO11274"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg24025662",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025662"
}
]
}
}

160
2010/1xxx/CVE-2010-1618.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1618", "ID": "CVE-2010-1618",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://moodle.org/security/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://moodle.org/security/" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message."
{ }
"name" : "http://www.ja-sig.org/issues/browse/PHPCAS-52", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ja-sig.org/issues/browse/PHPCAS-52" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SR:2010:011", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" ]
}, },
{ "references": {
"name" : "ADV-2010-1107", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1107" "name": "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog",
} "refsource": "CONFIRM",
] "url": "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog"
} },
} {
"name": "ADV-2010-1107",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"name": "http://moodle.org/security/",
"refsource": "CONFIRM",
"url": "http://moodle.org/security/"
},
{
"name": "SUSE-SR:2010:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name": "http://www.ja-sig.org/issues/browse/PHPCAS-52",
"refsource": "CONFIRM",
"url": "http://www.ja-sig.org/issues/browse/PHPCAS-52"
}
]
}
}

230
2010/1xxx/CVE-2010-1639.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-1639", "ID": "CVE-2010-1639",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=f0eb394501ec21b9fe67f36cbf5db788711d4236#patch2", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=f0eb394501ec21b9fe67f36cbf5db788711d4236#patch2" "lang": "eng",
}, "value": "The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length."
{ }
"name" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016", ]
"refsource" : "CONFIRM", },
"url" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2011-2741", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055771.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2011-2743", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055777.html" ]
}, },
{ "references": {
"name" : "MDVSA-2010:110", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:110" "name": "1024017",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024017"
"name" : "SUSE-SR:2010:014", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" "name": "clamav-clipdf-dos(58824)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58824"
"name" : "40317", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/40317" "name": "40317",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/40317"
"name" : "1024017", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024017" "name": "43752",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43752"
"name" : "39895", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39895" "name": "ADV-2010-1214",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1214"
"name" : "43752", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43752" "name": "MDVSA-2010:110",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:110"
"name" : "ADV-2010-1214", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1214" "name": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=f0eb394501ec21b9fe67f36cbf5db788711d4236#patch2",
}, "refsource": "CONFIRM",
{ "url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=f0eb394501ec21b9fe67f36cbf5db788711d4236#patch2"
"name" : "clamav-clipdf-dos(58824)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58824" "name": "FEDORA-2011-2743",
} "refsource": "FEDORA",
] "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055777.html"
} },
} {
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "39895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39895"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016"
},
{
"name": "FEDORA-2011-2741",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055771.html"
}
]
}
}

210
2010/1xxx/CVE-2010-1644.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-1644", "ID": "CVE-2010-1644",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100521 Cacti Multiple Parameter Cross Site Scripting Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/511393" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php."
{ }
"name" : "http://svn.cacti.net/viewvc?view=rev&revision=5901", ]
"refsource" : "CONFIRM", },
"url" : "http://svn.cacti.net/viewvc?view=rev&revision=5901" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.cacti.net/release_notes_0_8_7f.php", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.cacti.net/release_notes_0_8_7f.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=609093", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=609093" ]
}, },
{ "references": {
"name" : "MDVSA-2010:160", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160" "name": "ADV-2010-1203",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1203"
"name" : "RHSA-2010:0635", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0635.html" "name": "MDVSA-2010:160",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160"
"name" : "40332", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/40332" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=609093",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=609093"
"name" : "41041", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41041" "name": "41041",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41041"
"name" : "ADV-2010-1203", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1203" "name": "http://www.cacti.net/release_notes_0_8_7f.php",
}, "refsource": "CONFIRM",
{ "url": "http://www.cacti.net/release_notes_0_8_7f.php"
"name" : "ADV-2010-2132", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2132" "name": "RHSA-2010:0635",
} "refsource": "REDHAT",
] "url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html"
} },
} {
"name": "20100521 Cacti Multiple Parameter Cross Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511393"
},
{
"name": "ADV-2010-2132",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2132"
},
{
"name": "40332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40332"
},
{
"name": "http://svn.cacti.net/viewvc?view=rev&revision=5901",
"refsource": "CONFIRM",
"url": "http://svn.cacti.net/viewvc?view=rev&revision=5901"
}
]
}
}

150
2010/4xxx/CVE-2010-4027.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2010-4027", "ID": "CVE-2010-4027",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBMI02582", "description_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=128820226417721&w=2" "lang": "eng",
}, "value": "Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors."
{ }
"name" : "SSRT100269", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=128820226417721&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1024658", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024658" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "42023", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/42023" ]
} },
] "references": {
} "reference_data": [
} {
"name": "SSRT100269",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128820226417721&w=2"
},
{
"name": "1024658",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024658"
},
{
"name": "HPSBMI02582",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128820226417721&w=2"
},
{
"name": "42023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42023"
}
]
}
}

220
2010/4xxx/CVE-2010-4051.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4051", "ID": "CVE-2010-4051",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities", "description_data": [
"refsource" : "SREASONRES", {
"url" : "http://securityreason.com/achievement_securityalert/93" "lang": "eng",
}, "value": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\""
{ }
"name" : "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/515589/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15935", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/15935" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities", ]
"refsource" : "FULLDISC", }
"url" : "http://seclists.org/fulldisclosure/2011/Jan/78" ]
}, },
{ "references": {
"name" : "http://cxib.net/stuff/proftpd.gnu.c", "reference_data": [
"refsource" : "MISC", {
"url" : "http://cxib.net/stuff/proftpd.gnu.c" "name": "42547",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42547"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=645859", },
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=645859" "name": "1024832",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1024832"
"name" : "VU#912279", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/912279" "name": "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2011/Jan/78"
"name" : "45233", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45233" "name": "VU#912279",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/912279"
"name" : "1024832", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024832" "name": "45233",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/45233"
"name" : "42547", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42547" "name": "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/515589/100/0/threaded"
"name" : "8003", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8003" "name": "http://cxib.net/stuff/proftpd.gnu.c",
} "refsource": "MISC",
] "url": "http://cxib.net/stuff/proftpd.gnu.c"
} },
} {
"name": "15935",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15935"
},
{
"name": "8003",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8003"
},
{
"name": "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/93"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=645859",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=645859"
}
]
}
}

150
2010/4xxx/CVE-2010-4173.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-4173", "ID": "CVE-2010-4173",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20101116 CVE Request: libsdp", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/11/16/2" "lang": "eng",
}, "value": "The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file."
{ }
"name" : "[oss-security] 20101116 Re: CVE Request: libsdp", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/11/16/7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.openfabrics.org/downloads/libsdp/libsdp-1.1.105-0.4.g1b9b996.tar.gz", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.openfabrics.org/downloads/libsdp/libsdp-1.1.105-0.4.g1b9b996.tar.gz" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=647941", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=647941" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[oss-security] 20101116 Re: CVE Request: libsdp",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/16/7"
},
{
"name": "http://www.openfabrics.org/downloads/libsdp/libsdp-1.1.105-0.4.g1b9b996.tar.gz",
"refsource": "CONFIRM",
"url": "http://www.openfabrics.org/downloads/libsdp/libsdp-1.1.105-0.4.g1b9b996.tar.gz"
},
{
"name": "[oss-security] 20101116 CVE Request: libsdp",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/16/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=647941",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=647941"
}
]
}
}

160
2010/4xxx/CVE-2010-4828.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4828", "ID": "CVE-2010-4828",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and the (4) ChartName parameter to CustomChart.aspx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20101207 Multiple XSS in Solarwinds Orion NPM 10.1", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/515083/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and the (4) ChartName parameter to CustomChart.aspx."
{ }
"name" : "45257", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/45257" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "42486", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42486" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "8349", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/8349" ]
}, },
{ "references": {
"name" : "orion-network-multiple-xss(63956)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63956" "name": "42486",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/42486"
} },
} {
"name": "8349",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8349"
},
{
"name": "20101207 Multiple XSS in Solarwinds Orion NPM 10.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515083/100/0/threaded"
},
{
"name": "orion-network-multiple-xss(63956)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63956"
},
{
"name": "45257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45257"
}
]
}
}

34
2010/5xxx/CVE-2010-5124.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2010-5124", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2010-5124",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
} }
] ]
} }
} }

240
2014/0xxx/CVE-2014-0247.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-0247", "ID": "CVE-2014-0247",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0247.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0247.html" "lang": "eng",
}, "value": "LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx."
{ }
"name" : "https://bugs.mageia.org/show_bug.cgi?id=13580", ]
"refsource" : "MISC", },
"url" : "https://bugs.mageia.org/show_bug.cgi?id=13580" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://gerrit.libreoffice.org/gitweb?p=core.git;a=blobdiff;f=sfx2/source/doc/docmacromode.cxx;h=4d4ae52b4339582a039744d03671c1db0633d6c3;hp=2108d1920f8148ff60fd4a57684f295d6d733e7b;hb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d;hpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81", "description": [
"refsource" : "MISC", {
"url" : "https://gerrit.libreoffice.org/gitweb?p=core.git;a=blobdiff;f=sfx2/source/doc/docmacromode.cxx;h=4d4ae52b4339582a039744d03671c1db0633d6c3;hp=2108d1920f8148ff60fd4a57684f295d6d733e7b;hb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d;hpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.libreoffice.org/about-us/security/advisories/cve-2014-0247/", ]
"refsource" : "CONFIRM", }
"url" : "https://www.libreoffice.org/about-us/security/advisories/cve-2014-0247/" ]
}, },
{ "references": {
"name" : "FEDORA-2014-7679", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135020.html" "name": "60799",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60799"
"name" : "GLSA-201408-19", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" "name": "GLSA-201408-19",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
"name" : "RHSA-2015:0377", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0377.html" "name": "FEDORA-2014-7679",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135020.html"
"name" : "openSUSE-SU-2014:0860", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-07/msg00006.html" "name": "USN-2253-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2253-1"
"name" : "USN-2253-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2253-1" "name": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0247.html",
}, "refsource": "MISC",
{ "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0247.html"
"name" : "68151", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68151" "name": "https://www.libreoffice.org/about-us/security/advisories/cve-2014-0247/",
}, "refsource": "CONFIRM",
{ "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2014-0247/"
"name" : "59330", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59330" "name": "68151",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/68151"
"name" : "57383", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57383" "name": "57383",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/57383"
"name" : "60799", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60799" "name": "openSUSE-SU-2014:0860",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00006.html"
} },
} {
"name": "https://gerrit.libreoffice.org/gitweb?p=core.git;a=blobdiff;f=sfx2/source/doc/docmacromode.cxx;h=4d4ae52b4339582a039744d03671c1db0633d6c3;hp=2108d1920f8148ff60fd4a57684f295d6d733e7b;hb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d;hpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81",
"refsource": "MISC",
"url": "https://gerrit.libreoffice.org/gitweb?p=core.git;a=blobdiff;f=sfx2/source/doc/docmacromode.cxx;h=4d4ae52b4339582a039744d03671c1db0633d6c3;hp=2108d1920f8148ff60fd4a57684f295d6d733e7b;hb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d;hpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81"
},
{
"name": "RHSA-2015:0377",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html"
},
{
"name": "59330",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59330"
},
{
"name": "https://bugs.mageia.org/show_bug.cgi?id=13580",
"refsource": "MISC",
"url": "https://bugs.mageia.org/show_bug.cgi?id=13580"
}
]
}
}

170
2014/0xxx/CVE-2014-0270.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2014-0270", "ID": "CVE-2014-0270",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0273, CVE-2014-0274, and CVE-2014-0288."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS14-010", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" "lang": "eng",
}, "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0273, CVE-2014-0274, and CVE-2014-0288."
{ }
"name" : "65367", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/65367" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "103170", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/103170" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1029741", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1029741" ]
}, },
{ "references": {
"name" : "56796", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56796" "name": "MS14-010",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010"
"name" : "ms-ie-cve20140270-code-exec(90761)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90761" "name": "1029741",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1029741"
} },
} {
"name": "103170",
"refsource": "OSVDB",
"url": "http://osvdb.org/103170"
},
{
"name": "56796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56796"
},
{
"name": "ms-ie-cve20140270-code-exec(90761)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90761"
},
{
"name": "65367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65367"
}
]
}
}

120
2014/0xxx/CVE-2014-0349.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-0349", "ID": "CVE-2014-0349",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in J2k-Codec allow remote attackers to execute arbitrary code via a crafted JPEG 2000 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#345337", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/345337" "lang": "eng",
} "value": "Multiple unspecified vulnerabilities in J2k-Codec allow remote attackers to execute arbitrary code via a crafted JPEG 2000 file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#345337",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/345337"
}
]
}
}

180
2014/0xxx/CVE-2014-0448.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-0448", "ID": "CVE-2014-0448",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201502-12", "description": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBUX03091", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" ]
}, },
{ "references": {
"name" : "SSRT101667", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" "name": "HPSBUX03091",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
"name" : "RHSA-2014:0413", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2014:0413" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080"
"name" : "66904", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/66904" "name": "66904",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/66904"
} },
} {
"name": "RHSA-2014:0413",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0413"
},
{
"name": "SSRT101667",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"name": "GLSA-201502-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"
}
]
}
}

120
2014/1xxx/CVE-2014-1467.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-1467", "ID": "CVE-2014-1467",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.blackberry.com/btsc/KB35647", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.blackberry.com/btsc/KB35647" "lang": "eng",
} "value": "BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.blackberry.com/btsc/KB35647",
"refsource": "CONFIRM",
"url": "http://www.blackberry.com/btsc/KB35647"
}
]
}
}

34
2014/1xxx/CVE-2014-1821.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-1821", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-1821",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

170
2014/1xxx/CVE-2014-1832.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-1832", "ID": "CVE-2014-1832",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140129 Re: CVE request: temporary file issue in Passenger rubygem", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2014/01/29/6" "lang": "eng",
}, "value": "Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831."
{ }
"name" : "[oss-security] 20150130 Re: CVE request: temporary file issue in Passenger rubygem", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2014/01/30/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1058992", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1058992" ]
}, },
{ "references": {
"name" : "https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0" "name": "[oss-security] 20140129 Re: CVE request: temporary file issue in Passenger rubygem",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2014/01/29/6"
"name" : "FEDORA-2015-1151", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html" "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958",
} "refsource": "CONFIRM",
] "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958"
} },
} {
"name": "[oss-security] 20150130 Re: CVE request: temporary file issue in Passenger rubygem",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/01/30/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992"
},
{
"name": "FEDORA-2015-1151",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html"
},
{
"name": "https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0",
"refsource": "CONFIRM",
"url": "https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0"
}
]
}
}

210
2014/4xxx/CVE-2014-4243.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-4243", "ID": "CVE-2014-4243",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED."
{ }
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" ]
}, },
{ "references": {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" "name": "68611",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/68611"
"name" : "SUSE-SU-2014:1072", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html" "name": "oracle-cpujul2014-cve20144243(94628)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94628"
"name" : "68611", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68611" "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
"name" : "1030578", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030578" "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
"name" : "60425", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60425" "name": "1030578",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1030578"
"name" : "oracle-cpujul2014-cve20144243(94628)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94628" "name": "SUSE-SU-2014:1072",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "60425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60425"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}

34
2014/4xxx/CVE-2014-4286.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-4286", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-4286",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4286. Reason: This candidate is a duplicate of CVE-2013-4286. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-4286 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4286. Reason: This candidate is a duplicate of CVE-2013-4286. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-4286 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

140
2014/4xxx/CVE-2014-4499.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2014-4499", "ID": "CVE-2014-4499",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/HT204244", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/HT204244" "lang": "eng",
}, "value": "The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file."
{ }
"name" : "APPLE-SA-2015-01-27-4", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031650", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031650" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1031650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}

180
2014/9xxx/CVE-2014-9020.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9020", "ID": "CVE-2014-9020",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141106 ZTE 831CII Multiple Vulnerablities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/533930/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases."
{ }
"name" : "20141106 ZTE ZXDSL 831 Multiple Cross Site Scripting", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/533931/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/129017/ZTE-ZXDSL-831-Cross-Site-Scripting.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/129017/ZTE-ZXDSL-831-Cross-Site-Scripting.html" ]
}, },
{ "references": {
"name" : "70984", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70984" "name": "20141106 ZTE 831CII Multiple Vulnerablities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/533930/100/0/threaded"
"name" : "70985", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70985" "name": "http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html"
"name" : "zte831cii-psilan-xss(98584)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98584" "name": "70984",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/70984"
} },
} {
"name": "http://packetstormsecurity.com/files/129017/ZTE-ZXDSL-831-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129017/ZTE-ZXDSL-831-Cross-Site-Scripting.html"
},
{
"name": "70985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70985"
},
{
"name": "zte831cii-psilan-xss(98584)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98584"
},
{
"name": "20141106 ZTE ZXDSL 831 Multiple Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533931/100/0/threaded"
}
]
}
}

130
2014/9xxx/CVE-2014-9154.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9154", "ID": "CVE-2014-9154",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.drupal.org/node/2320741", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.drupal.org/node/2320741" "lang": "eng",
}, "value": "The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email."
{ }
"name" : "https://www.drupal.org/node/2320693", ]
"refsource" : "CONFIRM", },
"url" : "https://www.drupal.org/node/2320693" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2320741",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2320741"
},
{
"name": "https://www.drupal.org/node/2320693",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2320693"
}
]
}
}

140
2014/9xxx/CVE-2014-9938.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9938", "ID": "CVE-2014-9938",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/njhartwell/pw3nage", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/njhartwell/pw3nage" "lang": "eng",
}, "value": "contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution."
{ }
"name" : "https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2017:2004", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2004" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/njhartwell/pw3nage",
"refsource": "MISC",
"url": "https://github.com/njhartwell/pw3nage"
},
{
"name": "https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f",
"refsource": "CONFIRM",
"url": "https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f"
},
{
"name": "RHSA-2017:2004",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2004"
}
]
}
}

150
2016/3xxx/CVE-2016-3467.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2016-3467", "ID": "CVE-2016-3467",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors."
{ }
"name" : "91787", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/91787" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "91894", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91894" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1036363", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1036363" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "1036363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "91894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91894"
}
]
}
}

130
2016/3xxx/CVE-2016-3846.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-3846", "ID": "CVE-2016-3846",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-08-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-08-01.html" "lang": "eng",
}, "value": "The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378."
{ }
"name" : "92240", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/92240" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "92240",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92240"
}
]
}
}

140
2016/7xxx/CVE-2016-7245.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-7245", "ID": "CVE-2016-7245",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS16-133", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133" "lang": "eng",
}, "value": "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
{ }
"name" : "94026", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94026" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037246", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037246" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94026",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94026"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
}
]
}
}

34
2016/7xxx/CVE-2016-7285.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-7285", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-7285",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

170
2016/7xxx/CVE-2016-7515.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2016-7515", "ID": "CVE-2016-7515",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/09/22/2" "lang": "eng",
}, "value": "The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels."
{ }
"name" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378741", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378741" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1" ]
}, },
{ "references": {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/82", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ImageMagick/ImageMagick/issues/82" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378741",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378741"
"name" : "93120", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93120" "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2"
} },
} {
"name": "93120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93120"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/82",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/82"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1"
}
]
}
}

170
2016/7xxx/CVE-2016-7995.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-7995", "ID": "CVE-2016-7995",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161007 CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/10/07/3" "lang": "eng",
}, "value": "Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes."
{ }
"name" : "[oss-security] 20161008 Re: CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/10/08/4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[qemu-devel] 20160926 Re: [PATCH] usb: ehci: fix memory leak in ehci_process_itd", "description": [
"refsource" : "MLIST", {
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=b16c129daf0fed91febbb88de23dae8271c8898a", ]
"refsource" : "CONFIRM", }
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=b16c129daf0fed91febbb88de23dae8271c8898a" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2016:3237", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" "name": "[qemu-devel] 20160926 Re: [PATCH] usb: ehci: fix memory leak in ehci_process_itd",
}, "refsource": "MLIST",
{ "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html"
"name" : "93454", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93454" "name": "openSUSE-SU-2016:3237",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
} },
} {
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=b16c129daf0fed91febbb88de23dae8271c8898a",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=b16c129daf0fed91febbb88de23dae8271c8898a"
},
{
"name": "[oss-security] 20161007 CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/07/3"
},
{
"name": "[oss-security] 20161008 Re: CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/4"
},
{
"name": "93454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93454"
}
]
}
}

140
2016/8xxx/CVE-2016-8232.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@lenovo.com", "ASSIGNER": "psirt@lenovo.com",
"ID" : "CVE-2016-8232", "ID": "CVE-2016-8232",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z", "product_name": "Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z" "version_value": "Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DOM-Based XSS"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.lenovo.com/us/en/product_security/LEN-5700", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.lenovo.com/us/en/product_security/LEN-5700" "lang": "eng",
}, "value": "Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information."
{ }
"name" : "95839", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95839" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "lenovo-cve20168232-xss(121443)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121443" "lang": "eng",
} "value": "DOM-Based XSS"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-5700",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-5700"
},
{
"name": "lenovo-cve20168232-xss(121443)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121443"
},
{
"name": "95839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95839"
}
]
}
}

142
2016/8xxx/CVE-2016-8371.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2016-11-08T00:00:00", "DATE_PUBLIC": "2016-11-08T00:00:00",
"ID" : "CVE-2016-8371", "ID": "CVE-2016-8371",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Phoenix Contact ILC PLCs", "product_name": "Phoenix Contact ILC PLCs",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All ILC 1xx PLCs" "version_value": "All ILC 1xx PLCs"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Phoenix Contact" "vendor_name": "Phoenix Contact"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-592: Authentication Bypass Issues"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45590", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45590/" "lang": "eng",
}, "value": "The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled."
{ }
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-313-01", ]
"refsource" : "MISC", },
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-313-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94163", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94163" "lang": "eng",
} "value": "CWE-592: Authentication Bypass Issues"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-313-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-313-01"
},
{
"name": "45590",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45590/"
},
{
"name": "94163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94163"
}
]
}
}

130
2016/8xxx/CVE-2016-8508.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "browser-security@yandex-team.ru", "ASSIGNER": "browser-security@yandex-team.ru",
"ID" : "CVE-2016-8508", "ID": "CVE-2016-8508",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Yandex Browser for desktop", "product_name": "Yandex Browser for desktop",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "before 17.1.1.227 for OSx and Windows" "version_value": "before 17.1.1.227 for OSx and Windows"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Yandex N.V." "vendor_name": "Yandex N.V."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Yandex Browser Protect mechanism bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://yandex.com/blog/security-changelogs/fixed-in-version-17-1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://yandex.com/blog/security-changelogs/fixed-in-version-17-1" "lang": "eng",
}, "value": "Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site."
{ }
"name" : "96514", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96514" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Yandex Browser Protect mechanism bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96514",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96514"
},
{
"name": "https://yandex.com/blog/security-changelogs/fixed-in-version-17-1",
"refsource": "CONFIRM",
"url": "https://yandex.com/blog/security-changelogs/fixed-in-version-17-1"
}
]
}
}

34
2016/8xxx/CVE-2016-8852.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-8852", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-8852",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

180
2016/9xxx/CVE-2016-9191.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9191", "ID": "CVE-2016-9191",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161105 Re: CVE request: linux kernel - local DoS with cgroup offline code", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/11/05/4" "lang": "eng",
}, "value": "The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1392439", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1392439" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/torvalds/linux/commit/93362fa47fe98b62e4a34ab408c4a418432e7939", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/torvalds/linux/commit/93362fa47fe98b62e4a34ab408c4a418432e7939" ]
}, },
{ "references": {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03802en_us", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03802en_us" "name": "[oss-security] 20161105 Re: CVE request: linux kernel - local DoS with cgroup offline code",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/11/05/4"
"name" : "DSA-3791", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3791" "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03802en_us",
}, "refsource": "CONFIRM",
{ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03802en_us"
"name" : "94129", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94129" "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939",
} "refsource": "CONFIRM",
] "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939"
} },
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1392439",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1392439"
},
{
"name": "94129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94129"
},
{
"name": "https://github.com/torvalds/linux/commit/93362fa47fe98b62e4a34ab408c4a418432e7939",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/93362fa47fe98b62e4a34ab408c4a418432e7939"
},
{
"name": "DSA-3791",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3791"
}
]
}
}

130
2016/9xxx/CVE-2016-9307.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9307", "ID": "CVE-2016-9307",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01" "lang": "eng",
}, "value": "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files."
{ }
"name" : "95802", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95802" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95802"
},
{
"name": "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01",
"refsource": "CONFIRM",
"url": "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01"
}
]
}
}

166
2016/9xxx/CVE-2016-9483.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cert@cert.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2016-9483", "ID": "CVE-2016-9483",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to unsafe deserialization of untrusted data" "TITLE": "PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to unsafe deserialization of untrusted data"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Generator", "product_name": "Generator",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_name" : "2016-12-06", "version_name": "2016-12-06",
"version_value" : "2016-12-06" "version_value": "2016-12-06"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "PHP FormMail" "vendor_name": "PHP FormMail"
} }
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Thanks to Pouya Darabi for reporting this vulnerability."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obtain files from the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-502"
}
] ]
} }
] },
}, "credit": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "Thanks to Pouya Darabi for reporting this vulnerability."
"name" : "VU#494015", }
"refsource" : "CERT-VN", ],
"url" : "https://www.kb.cert.org/vuls/id/494015" "data_format": "MITRE",
}, "data_type": "CVE",
{ "data_version": "4.0",
"name" : "94778", "description": {
"refsource" : "BID", "description_data": [
"url" : "http://www.securityfocus.com/bid/94778" {
} "lang": "eng",
] "value": "The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obtain files from the server."
}, }
"solution" : [ ]
{ },
"lang" : "eng", "problemtype": {
"value" : "The PHP FormMail Generator website as of 2016-12-06 generates PHP code that addresses these issues. Affected users are encouraged to regenerate the PHP form code using the website, or manually apply patches." "problemtype_data": [
} {
], "description": [
"source" : { {
"discovery" : "UNKNOWN" "lang": "eng",
} "value": "CWE-502"
} }
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#494015",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/494015"
},
{
"name": "94778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94778"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The PHP FormMail Generator website as of 2016-12-06 generates PHP code that addresses these issues. Affected users are encouraged to regenerate the PHP form code using the website, or manually apply patches."
}
],
"source": {
"discovery": "UNKNOWN"
}
}

34
2016/9xxx/CVE-2016-9520.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-9520", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-9520",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

130
2016/9xxx/CVE-2016-9885.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2016-9885", "ID": "CVE-2016-9885",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1", "product_name": "GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1" "version_value": "GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "gfsh exposed over go router for GemFire for PCF"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://pivotal.io/security/cve-2016-9885", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://pivotal.io/security/cve-2016-9885" "lang": "eng",
}, "value": "An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster."
{ }
"name" : "95270", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95270" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "gfsh exposed over go router for GemFire for PCF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95270",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95270"
},
{
"name": "https://pivotal.io/security/cve-2016-9885",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-9885"
}
]
}
}

34
2019/2xxx/CVE-2019-2424.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2424", "ID": "CVE-2019-2424",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2643.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2643", "ID": "CVE-2019-2643",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2984.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2984", "ID": "CVE-2019-2984",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }