admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:42:53 +00:00
parent 27842929b8
commit 568772cae7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
49 changed files with 3651 additions and 3651 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2006/0xxx/CVE-2006-0141.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0141",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.eudora.co.nz/updates.html",
"refsource" : "CONFIRM",
"url" : "http://www.eudora.co.nz/updates.html"
},
{
"name" : "16179",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16179"
},
{
"name" : "ADV-2006-0099",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0099"
},
{
"name" : "18356",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18356"
},
{
"name" : "eims-corrupted-mail-dos(24033)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24033"
},
{
"name" : "eims-ntlm-auth-dos(24032)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24032"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0099",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0099"
},
{
"name": "eims-corrupted-mail-dos(24033)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24033"
},
{
"name": "16179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16179"
},
{
"name": "18356",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18356"
},
{
"name": "http://www.eudora.co.nz/updates.html",
"refsource": "CONFIRM",
"url": "http://www.eudora.co.nz/updates.html"
},
{
"name": "eims-ntlm-auth-dos(24032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24032"
}
]
}
}

34
2006/0xxx/CVE-2006-0326.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0326",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0326",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2006/0xxx/CVE-2006-0369.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0369",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the \"SELECT * FROM information_schema.views;\" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060120 MySQL 5.0 information leak?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422491/100/0/threaded"
},
{
"name" : "20060121 RE: MySQL 5.0 information leak?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422592/100/0/threaded"
},
{
"name" : "20060121 Re: MySQL 5.0 information leak?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422698/100/0/threaded"
},
{
"name" : "20060123 RE: MySQL 5.0 information leak?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423228/100/0/threaded"
},
{
"name" : "20060124 Re: MySQL 5.0 information leak?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423204/100/0/threaded"
},
{
"name" : "20060128 Re: MySQL 5.0 information leak?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423432/100/0/threaded"
},
{
"name" : "20060122 Re: MySQL 5.0 information leak?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423180/30/7310/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the \"SELECT * FROM information_schema.views;\" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060122 Re: MySQL 5.0 information leak?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423180/30/7310/threaded"
},
{
"name": "20060123 RE: MySQL 5.0 information leak?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423228/100/0/threaded"
},
{
"name": "20060120 MySQL 5.0 information leak?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422491/100/0/threaded"
},
{
"name": "20060124 Re: MySQL 5.0 information leak?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423204/100/0/threaded"
},
{
"name": "20060121 Re: MySQL 5.0 information leak?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422698/100/0/threaded"
},
{
"name": "20060121 RE: MySQL 5.0 information leak?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422592/100/0/threaded"
},
{
"name": "20060128 Re: MySQL 5.0 information leak?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423432/100/0/threaded"
}
]
}
}

220
2006/0xxx/CVE-2006-0587.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0587",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060214 Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-02/0224.html"
},
{
"name" : "20060216 Re: Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-02/0286.html"
},
{
"name" : "http://www.digitalarmaments.com/2006140293402395.html",
"refsource" : "MISC",
"url" : "http://www.digitalarmaments.com/2006140293402395.html"
},
{
"name" : "http://gallery.menalto.com/gallery_1_5_2_pl2_security_release",
"refsource" : "CONFIRM",
"url" : "http://gallery.menalto.com/gallery_1_5_2_pl2_security_release"
},
{
"name" : "16533",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16533"
},
{
"name" : "23256",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23256"
},
{
"name" : "22944",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22944"
},
{
"name" : "1015641",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015641"
},
{
"name" : "18735",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18735"
},
{
"name" : "gallery-util-file-include(24768)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24768"
},
{
"name" : "gallery-album-data-modification(24538)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24538"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16533"
},
{
"name": "1015641",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015641"
},
{
"name": "http://www.digitalarmaments.com/2006140293402395.html",
"refsource": "MISC",
"url": "http://www.digitalarmaments.com/2006140293402395.html"
},
{
"name": "20060216 Re: Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0286.html"
},
{
"name": "20060214 Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0224.html"
},
{
"name": "http://gallery.menalto.com/gallery_1_5_2_pl2_security_release",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_1_5_2_pl2_security_release"
},
{
"name": "22944",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22944"
},
{
"name": "18735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18735"
},
{
"name": "23256",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23256"
},
{
"name": "gallery-util-file-include(24768)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24768"
},
{
"name": "gallery-album-data-modification(24538)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24538"
}
]
}
}

190
2006/1xxx/CVE-2006-1577.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html"
},
{
"name" : "DSA-1133",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1133"
},
{
"name" : "17326",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17326"
},
{
"name" : "ADV-2006-1184",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1184"
},
{
"name" : "24292",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24292"
},
{
"name" : "19471",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19471"
},
{
"name" : "21400",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21400"
},
{
"name" : "mantis-viewallset-script-xss(25579)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19471"
},
{
"name": "17326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17326"
},
{
"name": "24292",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24292"
},
{
"name": "21400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "ADV-2006-1184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1184"
},
{
"name": "mantis-viewallset-script-xss(25579)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579"
},
{
"name": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html"
}
]
}
}

150
2006/1xxx/CVE-2006-1656.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1656",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://savannah.nongnu.org/patch/?func=detailitem&item_id=4966",
"refsource" : "CONFIRM",
"url" : "https://savannah.nongnu.org/patch/?func=detailitem&item_id=4966"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360438",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360438"
},
{
"name" : "https://savannah.nongnu.org/bugs/?func=detailitem&item_id=15996",
"refsource" : "MISC",
"url" : "https://savannah.nongnu.org/bugs/?func=detailitem&item_id=15996"
},
{
"name" : "17361",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17361"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://savannah.nongnu.org/patch/?func=detailitem&item_id=4966",
"refsource": "CONFIRM",
"url": "https://savannah.nongnu.org/patch/?func=detailitem&item_id=4966"
},
{
"name": "17361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17361"
},
{
"name": "https://savannah.nongnu.org/bugs/?func=detailitem&item_id=15996",
"refsource": "MISC",
"url": "https://savannah.nongnu.org/bugs/?func=detailitem&item_id=15996"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360438",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360438"
}
]
}
}

180
2006/1xxx/CVE-2006-1802.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1802",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the twg_album parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060415 Tiny Web Gallery <= 1.4 XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431069/100/0/threaded"
},
{
"name" : "20060606 Re: Tiny Web Gallery <= 1.4 XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/436451/30/4560/threaded"
},
{
"name" : "17536",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17536"
},
{
"name" : "ADV-2006-1369",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1369"
},
{
"name" : "19660",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19660"
},
{
"name" : "717",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/717"
},
{
"name" : "tinywebgallery-index-xss(25831)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25831"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the twg_album parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1369",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1369"
},
{
"name": "717",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/717"
},
{
"name": "20060415 Tiny Web Gallery <= 1.4 XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431069/100/0/threaded"
},
{
"name": "19660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19660"
},
{
"name": "17536",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17536"
},
{
"name": "tinywebgallery-index-xss(25831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25831"
},
{
"name": "20060606 Re: Tiny Web Gallery <= 1.4 XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436451/30/4560/threaded"
}
]
}
}

180
2006/4xxx/CVE-2006-4528.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4528",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060831 Membrepass v1.5 Php code execution, Xss, Sql Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444845/100/0/threaded"
},
{
"name" : "http://acid-root.new.fr/advisories/09290806.txt",
"refsource" : "MISC",
"url" : "http://acid-root.new.fr/advisories/09290806.txt"
},
{
"name" : "19789",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19789"
},
{
"name" : "ADV-2006-3427",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3427"
},
{
"name" : "21715",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21715"
},
{
"name" : "1487",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1487"
},
{
"name" : "membrepass-test-xss(28691)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28691"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://acid-root.new.fr/advisories/09290806.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/advisories/09290806.txt"
},
{
"name": "20060831 Membrepass v1.5 Php code execution, Xss, Sql Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444845/100/0/threaded"
},
{
"name": "ADV-2006-3427",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3427"
},
{
"name": "19789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19789"
},
{
"name": "21715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21715"
},
{
"name": "membrepass-test-xss(28691)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28691"
},
{
"name": "1487",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1487"
}
]
}
}

330
2006/4xxx/CVE-2006-4868.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4868",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060919 Yet another 0day for IE",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446378/100/0/threaded"
},
{
"name" : "20060920 Internet Explorer VML Zero-Day Mitigation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446528/100/0/threaded"
},
{
"name" : "20060920 RE: vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446523/100/0/threaded"
},
{
"name" : "20060920 vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446505/100/0/threaded"
},
{
"name" : "20060926 Windows VML security update MS06-055 released",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447070/100/0/threaded"
},
{
"name" : "20060924 Windows VML Vulnerability FAQ (CVE-2006-4868) written",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446881/100/200/threaded"
},
{
"name" : "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html",
"refsource" : "MISC",
"url" : "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html"
},
{
"name" : "http://blogs.securiteam.com/index.php/archives/624",
"refsource" : "MISC",
"url" : "http://blogs.securiteam.com/index.php/archives/624"
},
{
"name" : "http://www.microsoft.com/technet/security/advisory/925568.mspx",
"refsource" : "CONFIRM",
"url" : "http://www.microsoft.com/technet/security/advisory/925568.mspx"
},
{
"name" : "HPSBST02160",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/448552/100/0/threaded"
},
{
"name" : "SSRT061254",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/448552/100/0/threaded"
},
{
"name" : "MS06-055",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055"
},
{
"name" : "925486",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/kb/925486"
},
{
"name" : "VU#416092",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/416092"
},
{
"name" : "TA06-262A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-262A.html"
},
{
"name" : "20096",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20096"
},
{
"name" : "ADV-2006-3679",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3679"
},
{
"name" : "28946",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28946"
},
{
"name" : "oval:org.mitre.oval:def:100",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100"
},
{
"name" : "1016879",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016879"
},
{
"name" : "21989",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21989"
},
{
"name" : "ie-vml-bo(29004)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blogs.securiteam.com/index.php/archives/624",
"refsource": "MISC",
"url": "http://blogs.securiteam.com/index.php/archives/624"
},
{
"name": "20060924 Windows VML Vulnerability FAQ (CVE-2006-4868) written",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446881/100/200/threaded"
},
{
"name": "20096",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20096"
},
{
"name": "20060920 RE: vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446523/100/0/threaded"
},
{
"name": "20060920 vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446505/100/0/threaded"
},
{
"name": "ADV-2006-3679",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3679"
},
{
"name": "VU#416092",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/416092"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/925568.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/925568.mspx"
},
{
"name": "925486",
"refsource": "MSKB",
"url": "http://support.microsoft.com/kb/925486"
},
{
"name": "21989",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21989"
},
{
"name": "SSRT061254",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded"
},
{
"name": "HPSBST02160",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded"
},
{
"name": "MS06-055",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055"
},
{
"name": "TA06-262A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-262A.html"
},
{
"name": "20060920 Internet Explorer VML Zero-Day Mitigation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446528/100/0/threaded"
},
{
"name": "28946",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28946"
},
{
"name": "1016879",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016879"
},
{
"name": "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html",
"refsource": "MISC",
"url": "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html"
},
{
"name": "20060926 Windows VML security update MS06-055 released",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447070/100/0/threaded"
},
{
"name": "20060919 Yet another 0day for IE",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446378/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:100",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100"
},
{
"name": "ie-vml-bo(29004)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29004"
}
]
}
}

160
2006/5xxx/CVE-2006-5066.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5066",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0.5, and other versions before 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in index.php or the (2) do parameter in admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060925 DanPHPSupport => 0.5 Cross Site Scripting Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447002/100/0/threaded"
},
{
"name" : "20061014 Re: DanPHPSupport => 0.5 Cross Site Scripting Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448693/100/0/threaded"
},
{
"name" : "20203",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20203"
},
{
"name" : "1648",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1648"
},
{
"name" : "danphpsupport-admin-index-xss(29175)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29175"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0.5, and other versions before 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in index.php or the (2) do parameter in admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20203"
},
{
"name": "20060925 DanPHPSupport => 0.5 Cross Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447002/100/0/threaded"
},
{
"name": "1648",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1648"
},
{
"name": "20061014 Re: DanPHPSupport => 0.5 Cross Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448693/100/0/threaded"
},
{
"name": "danphpsupport-admin-index-xss(29175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29175"
}
]
}
}

170
2006/5xxx/CVE-2006-5398.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5398",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061018 Simplog 0.9.3.1 SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449092/100/0/threaded"
},
{
"name" : "2574",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2574"
},
{
"name" : "http://www.simplog.org/archive.php?blogid=1&pid=57",
"refsource" : "CONFIRM",
"url" : "http://www.simplog.org/archive.php?blogid=1&pid=57"
},
{
"name" : "20556",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20556"
},
{
"name" : "1017087",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017087"
},
{
"name" : "simplog-comments-sql-injection(29590)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29590"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.simplog.org/archive.php?blogid=1&pid=57",
"refsource": "CONFIRM",
"url": "http://www.simplog.org/archive.php?blogid=1&pid=57"
},
{
"name": "2574",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2574"
},
{
"name": "20556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20556"
},
{
"name": "1017087",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017087"
},
{
"name": "20061018 Simplog 0.9.3.1 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449092/100/0/threaded"
},
{
"name": "simplog-comments-sql-injection(29590)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29590"
}
]
}
}

180
2006/5xxx/CVE-2006-5417.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5417",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position field value. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061012 Mcafee Network Agent (mcnasvc.exe) Remote DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448546/100/0/threaded"
},
{
"name" : "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1659/exploit.html",
"refsource" : "MISC",
"url" : "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1659/exploit.html"
},
{
"name" : "20496",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20496"
},
{
"name" : "1017057",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017057"
},
{
"name" : "22371",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22371"
},
{
"name" : "1750",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1750"
},
{
"name" : "mcafee-mcnasvc-dos(29501)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29501"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position field value. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061012 Mcafee Network Agent (mcnasvc.exe) Remote DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448546/100/0/threaded"
},
{
"name": "1017057",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017057"
},
{
"name": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1659/exploit.html",
"refsource": "MISC",
"url": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1659/exploit.html"
},
{
"name": "20496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20496"
},
{
"name": "mcafee-mcnasvc-dos(29501)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29501"
},
{
"name": "22371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22371"
},
{
"name": "1750",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1750"
}
]
}
}

130
2010/0xxx/CVE-2010-0324.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0324",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/extensions/repository/view/ref_list/1.0.2/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/ref_list/1.0.2/"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"name": "http://typo3.org/extensions/repository/view/ref_list/1.0.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/ref_list/1.0.2/"
}
]
}
}

180
2010/0xxx/CVE-2010-0578.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100324 Cisco IOS Software IPsec Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20ee5.shtml"
},
{
"name" : "38932",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38932"
},
{
"name" : "63182",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/63182"
},
{
"name" : "1023741",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023741"
},
{
"name" : "39057",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39057"
},
{
"name" : "ADV-2010-0709",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0709"
},
{
"name" : "ciscoios-vpn-dos(57148)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57148"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38932"
},
{
"name": "1023741",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023741"
},
{
"name": "20100324 Cisco IOS Software IPsec Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20ee5.shtml"
},
{
"name": "ciscoios-vpn-dos(57148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57148"
},
{
"name": "63182",
"refsource": "OSVDB",
"url": "http://osvdb.org/63182"
},
{
"name": "39057",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39057"
},
{
"name": "ADV-2010-0709",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0709"
}
]
}
}

270
2010/2xxx/CVE-2010-2229.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2229",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100621 Re: CVE request: moodle 1.9.9/1.8.13 multiple vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/06/21/2"
},
{
"name" : "http://cvs.moodle.org/moodle/blog/lib.php?r1=1.62.2.9&r2=1.62.2.10",
"refsource" : "CONFIRM",
"url" : "http://cvs.moodle.org/moodle/blog/lib.php?r1=1.62.2.9&r2=1.62.2.10"
},
{
"name" : "http://cvs.moodle.org/moodle/blog/lib.php?r1=1.80.2.20&r2=1.80.2.21",
"refsource" : "CONFIRM",
"url" : "http://cvs.moodle.org/moodle/blog/lib.php?r1=1.80.2.20&r2=1.80.2.21"
},
{
"name" : "http://docs.moodle.org/en/Moodle_1.8.13_release_notes",
"refsource" : "CONFIRM",
"url" : "http://docs.moodle.org/en/Moodle_1.8.13_release_notes"
},
{
"name" : "http://docs.moodle.org/en/Moodle_1.9.9_release_notes",
"refsource" : "CONFIRM",
"url" : "http://docs.moodle.org/en/Moodle_1.9.9_release_notes"
},
{
"name" : "http://moodle.org/mod/forum/discuss.php?d=152367",
"refsource" : "CONFIRM",
"url" : "http://moodle.org/mod/forum/discuss.php?d=152367"
},
{
"name" : "http://tracker.moodle.org/browse/MDL-22631",
"refsource" : "CONFIRM",
"url" : "http://tracker.moodle.org/browse/MDL-22631"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=605809",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=605809"
},
{
"name" : "FEDORA-2010-10286",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html"
},
{
"name" : "FEDORA-2010-10291",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html"
},
{
"name" : "FEDORA-2010-10321",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html"
},
{
"name" : "SUSE-SR:2010:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name" : "40248",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40248"
},
{
"name" : "40352",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40352"
},
{
"name" : "ADV-2010-1530",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1530"
},
{
"name" : "ADV-2010-1571",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1571"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvs.moodle.org/moodle/blog/lib.php?r1=1.62.2.9&r2=1.62.2.10",
"refsource": "CONFIRM",
"url": "http://cvs.moodle.org/moodle/blog/lib.php?r1=1.62.2.9&r2=1.62.2.10"
},
{
"name": "http://docs.moodle.org/en/Moodle_1.8.13_release_notes",
"refsource": "CONFIRM",
"url": "http://docs.moodle.org/en/Moodle_1.8.13_release_notes"
},
{
"name": "FEDORA-2010-10286",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html"
},
{
"name": "ADV-2010-1571",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1571"
},
{
"name": "[oss-security] 20100621 Re: CVE request: moodle 1.9.9/1.8.13 multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/21/2"
},
{
"name": "40352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40352"
},
{
"name": "ADV-2010-1530",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1530"
},
{
"name": "FEDORA-2010-10321",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html"
},
{
"name": "http://moodle.org/mod/forum/discuss.php?d=152367",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=152367"
},
{
"name": "http://docs.moodle.org/en/Moodle_1.9.9_release_notes",
"refsource": "CONFIRM",
"url": "http://docs.moodle.org/en/Moodle_1.9.9_release_notes"
},
{
"name": "40248",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40248"
},
{
"name": "FEDORA-2010-10291",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "http://tracker.moodle.org/browse/MDL-22631",
"refsource": "CONFIRM",
"url": "http://tracker.moodle.org/browse/MDL-22631"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=605809",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=605809"
},
{
"name": "http://cvs.moodle.org/moodle/blog/lib.php?r1=1.80.2.20&r2=1.80.2.21",
"refsource": "CONFIRM",
"url": "http://cvs.moodle.org/moodle/blog/lib.php?r1=1.80.2.20&r2=1.80.2.21"
}
]
}
}

170
2010/2xxx/CVE-2010-2532.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2532",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100715 CVE request: lxsession-logout",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/07/15/1"
},
{
"name" : "[oss-security] 20100715 Re: CVE request: lxsession-logout",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/07/16/4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=614608",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=614608"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=622083",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=622083"
},
{
"name" : "https://bugzillafiles.novell.org/attachment.cgi?id=375737",
"refsource" : "CONFIRM",
"url" : "https://bugzillafiles.novell.org/attachment.cgi?id=375737"
},
{
"name" : "SUSE-SR:2010:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=614608",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=614608"
},
{
"name": "[oss-security] 20100715 CVE request: lxsession-logout",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/07/15/1"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=622083",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=622083"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "[oss-security] 20100715 Re: CVE request: lxsession-logout",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/07/16/4"
},
{
"name": "https://bugzillafiles.novell.org/attachment.cgi?id=375737",
"refsource": "CONFIRM",
"url": "https://bugzillafiles.novell.org/attachment.cgi?id=375737"
}
]
}
}

190
2010/2xxx/CVE-2010-2658.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/mac/1060/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/mac/1060/"
},
{
"name" : "http://www.opera.com/docs/changelogs/unix/1060/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/unix/1060/"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/1060/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1060/"
},
{
"name" : "http://www.opera.com/support/search/view/958/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/search/view/958/"
},
{
"name" : "oval:org.mitre.oval:def:11862",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11862"
},
{
"name" : "40375",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40375"
},
{
"name" : "ADV-2010-1664",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1664"
},
{
"name" : "ADV-2010-1673",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1673"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40375"
},
{
"name": "ADV-2010-1673",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1673"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1060/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1060/"
},
{
"name": "oval:org.mitre.oval:def:11862",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11862"
},
{
"name": "ADV-2010-1664",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1664"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1060/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1060/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1060/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1060/"
},
{
"name": "http://www.opera.com/support/search/view/958/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/search/view/958/"
}
]
}
}

140
2010/3xxx/CVE-2010-3006.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3006",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote Management card with firmware before 4.06 allows remote attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-3006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02574",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02498412"
},
{
"name" : "SSRT100038",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02498412"
},
{
"name" : "1024398",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024398"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote Management card with firmware before 4.06 allows remote attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT100038",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02498412"
},
{
"name": "1024398",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024398"
},
{
"name": "HPSBMA02574",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02498412"
}
]
}
}

130
2010/3xxx/CVE-2010-3156.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3156",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows local users to gain privileges via a Trojan horse executable file in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2010-3156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#36921800",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN36921800/index.html"
},
{
"name" : "JVNDB-2010-000041",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000041.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows local users to gain privileges via a Trojan horse executable file in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2010-000041",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000041.html"
},
{
"name": "JVN#36921800",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN36921800/index.html"
}
]
}
}

34
2010/3xxx/CVE-2010-3367.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3367",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3367",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2010/3xxx/CVE-2010-3725.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3725",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-3725",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

140
2010/3xxx/CVE-2010-3734.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3734",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT",
"refsource" : "CONFIRM",
"url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
},
{
"name" : "IC62856",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62856"
},
{
"name" : "oval:org.mitre.oval:def:14764",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14764"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14764",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14764"
},
{
"name": "IC62856",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62856"
},
{
"name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT",
"refsource": "CONFIRM",
"url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
}
]
}
}

160
2010/4xxx/CVE-2010-4053.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4053",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-216/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-216/"
},
{
"name" : "68705",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/68705"
},
{
"name" : "41913",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41913"
},
{
"name" : "ADV-2010-2734",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2734"
},
{
"name" : "ibm-ids-oninit-bo(62619)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62619"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-216/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-216/"
},
{
"name": "ADV-2010-2734",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2734"
},
{
"name": "68705",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/68705"
},
{
"name": "41913",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41913"
},
{
"name": "ibm-ids-oninit-bo(62619)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62619"
}
]
}
}

130
2010/4xxx/CVE-2010-4284.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-4284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-069-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-069-01.pdf"
},
{
"name" : "VU#236668",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/236668"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#236668",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/236668"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-069-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-069-01.pdf"
}
]
}
}

240
2010/4xxx/CVE-2010-4530.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4530",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101222 CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/12/22/7"
},
{
"name" : "[oss-security] 20110103 Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/01/03/3"
},
{
"name" : "http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf",
"refsource" : "MISC",
"url" : "http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=664986",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=664986"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name" : "FEDORA-2011-0143",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053097.html"
},
{
"name" : "FEDORA-2011-0162",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053076.html"
},
{
"name" : "MDVSA-2011:014",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:014"
},
{
"name" : "RHSA-2013:1323",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1323.html"
},
{
"name" : "45806",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45806"
},
{
"name" : "ADV-2011-0100",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0100"
},
{
"name" : "ADV-2011-0179",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0179"
},
{
"name" : "pcsclite-ccid-code-execution(64961)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64961"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20101222 CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/12/22/7"
},
{
"name": "RHSA-2013:1323",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1323.html"
},
{
"name": "45806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45806"
},
{
"name": "FEDORA-2011-0143",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053097.html"
},
{
"name": "ADV-2011-0100",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0100"
},
{
"name": "FEDORA-2011-0162",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053076.html"
},
{
"name": "ADV-2011-0179",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0179"
},
{
"name": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf",
"refsource": "MISC",
"url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name": "MDVSA-2011:014",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:014"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=664986",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=664986"
},
{
"name": "[oss-security] 20110103 Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/3"
},
{
"name": "pcsclite-ccid-code-execution(64961)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64961"
}
]
}
}

34
2010/4xxx/CVE-2010-4559.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4559",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4670, CVE-2010-4671. Reason: This candidate is a duplicate of CVE-2010-4670 and CVE-2010-4671. Notes: All CVE users should reference CVE-2010-4670 and/or CVE-2010-4671 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-4559",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4670, CVE-2010-4671. Reason: This candidate is a duplicate of CVE-2010-4670 and CVE-2010-4671. Notes: All CVE users should reference CVE-2010-4670 and/or CVE-2010-4671 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

120
2011/5xxx/CVE-2011-5294.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5294",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in LTCML14n.dll 14.0.0.34 in Kofax e-Transactions Sender Sendbox 2.5.0.933 allows remote attackers to write to arbitrary files via a pathname in the first argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.com/advisory/HTB23016",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23016"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in LTCML14n.dll 14.0.0.34 in Kofax e-Transactions Sender Sendbox 2.5.0.933 allows remote attackers to write to arbitrary files via a pathname in the first argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23016",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23016"
}
]
}
}

160
2014/3xxx/CVE-2014-3100.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3100",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140623 Android KeyStore Stack Buffer Overflow (CVE-2014-3100)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532527/100/0/threaded"
},
{
"name" : "http://securityintelligence.com/android-keystore-stack-buffer-overflow-to-keep-things-simple-buffers-are-always-larger-than-needed/",
"refsource" : "MISC",
"url" : "http://securityintelligence.com/android-keystore-stack-buffer-overflow-to-keep-things-simple-buffers-are-always-larger-than-needed/"
},
{
"name" : "http://packetstormsecurity.com/files/127185/Android-KeyStore-Stack-Buffer-Overflow.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127185/Android-KeyStore-Stack-Buffer-Overflow.html"
},
{
"name" : "http://www.slideshare.net/ibmsecurity/android-keystorestackbufferoverflow",
"refsource" : "MISC",
"url" : "http://www.slideshare.net/ibmsecurity/android-keystorestackbufferoverflow"
},
{
"name" : "68152",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68152"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127185/Android-KeyStore-Stack-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127185/Android-KeyStore-Stack-Buffer-Overflow.html"
},
{
"name": "20140623 Android KeyStore Stack Buffer Overflow (CVE-2014-3100)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532527/100/0/threaded"
},
{
"name": "68152",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68152"
},
{
"name": "http://www.slideshare.net/ibmsecurity/android-keystorestackbufferoverflow",
"refsource": "MISC",
"url": "http://www.slideshare.net/ibmsecurity/android-keystorestackbufferoverflow"
},
{
"name": "http://securityintelligence.com/android-keystore-stack-buffer-overflow-to-keep-things-simple-buffers-are-always-larger-than-needed/",
"refsource": "MISC",
"url": "http://securityintelligence.com/android-keystore-stack-buffer-overflow-to-keep-things-simple-buffers-are-always-larger-than-needed/"
}
]
}
}

160
2014/3xxx/CVE-2014-3330.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3330",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly process packet-drop policy checks for logged packets, which allows remote attackers to bypass intended access restrictions via a flood of packets matching a policy that contains the log keyword, aka Bug ID CSCuo02489."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35181",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35181"
},
{
"name" : "20140805 Cisco Nexus 9000 Series Switches Access List Bypass Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3330"
},
{
"name" : "69057",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69057"
},
{
"name" : "1030676",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030676"
},
{
"name" : "cisco-nexus-cve20143330-sec-bypass(95122)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95122"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly process packet-drop policy checks for logged packets, which allows remote attackers to bypass intended access restrictions via a flood of packets matching a policy that contains the log keyword, aka Bug ID CSCuo02489."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030676",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030676"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35181",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35181"
},
{
"name": "20140805 Cisco Nexus 9000 Series Switches Access List Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3330"
},
{
"name": "cisco-nexus-cve20143330-sec-bypass(95122)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95122"
},
{
"name": "69057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69057"
}
]
}
}

34
2014/3xxx/CVE-2014-3769.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3769",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3769",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2014/8xxx/CVE-2014-8268.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8268",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-8268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#546340",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/546340"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#546340",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/546340"
}
]
}
}

170
2014/8xxx/CVE-2014-8335.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141020 Re: Vulnerabilities in WordPress Database Manager v2.7.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/20/7"
},
{
"name" : "http://packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html"
},
{
"name" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html",
"refsource" : "MISC",
"url" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html"
},
{
"name" : "https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a",
"refsource" : "CONFIRM",
"url" : "https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a"
},
{
"name" : "https://wordpress.org/plugins/wp-dbmanager/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/wp-dbmanager/#developers"
},
{
"name" : "dbmgr-wordpress-cve20148335-info-disc(97691)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97691"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html"
},
{
"name": "https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a",
"refsource": "CONFIRM",
"url": "https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a"
},
{
"name": "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html"
},
{
"name": "[oss-security] 20141020 Re: Vulnerabilities in WordPress Database Manager v2.7.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/20/7"
},
{
"name": "dbmgr-wordpress-cve20148335-info-disc(97691)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97691"
},
{
"name": "https://wordpress.org/plugins/wp-dbmanager/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/wp-dbmanager/#developers"
}
]
}
}

250
2014/8xxx/CVE-2014-8714.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8714",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2014-23.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2014-23.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10596",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10596"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1463db37d9bbc9cd532afdf2817caaf8eb367831",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1463db37d9bbc9cd532afdf2817caaf8eb367831"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bc2726578156f3608960fc65ce1f691639e6addc",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bc2726578156f3608960fc65ce1f691639e6addc"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "DSA-3076",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3076"
},
{
"name" : "FEDORA-2014-15320",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145658.html"
},
{
"name" : "RHSA-2015:1460",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1460.html"
},
{
"name" : "openSUSE-SU-2014:1503",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00104.html"
},
{
"name" : "71072",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71072"
},
{
"name" : "60231",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60231"
},
{
"name" : "60290",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60290"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60290"
},
{
"name": "60231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60231"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2014-23.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2014-23.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bc2726578156f3608960fc65ce1f691639e6addc",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bc2726578156f3608960fc65ce1f691639e6addc"
},
{
"name": "RHSA-2015:1460",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1460.html"
},
{
"name": "71072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71072"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "DSA-3076",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3076"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1463db37d9bbc9cd532afdf2817caaf8eb367831",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1463db37d9bbc9cd532afdf2817caaf8eb367831"
},
{
"name": "openSUSE-SU-2014:1503",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00104.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10596",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10596"
},
{
"name": "FEDORA-2014-15320",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145658.html"
}
]
}
}

140
2014/8xxx/CVE-2014-8752.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8752",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in view.php in JCE-Tech PHP Video Script (aka Video Niche Script) 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) video or (2) title parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141219 CVE-2014-8752 JCE-Tech \"Video Niche Script\" XSS (Cross-Site Scripting) Security Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/84"
},
{
"name" : "http://tetraph.com/security/cves/cve-2014-8752-jce-tech-video-niche-script-xss-cross-site-scripting-security-vulnerability/",
"refsource" : "MISC",
"url" : "http://tetraph.com/security/cves/cve-2014-8752-jce-tech-video-niche-script-xss-cross-site-scripting-security-vulnerability/"
},
{
"name" : "71738",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71738"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in view.php in JCE-Tech PHP Video Script (aka Video Niche Script) 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) video or (2) title parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tetraph.com/security/cves/cve-2014-8752-jce-tech-video-niche-script-xss-cross-site-scripting-security-vulnerability/",
"refsource": "MISC",
"url": "http://tetraph.com/security/cves/cve-2014-8752-jce-tech-video-niche-script-xss-cross-site-scripting-security-vulnerability/"
},
{
"name": "71738",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71738"
},
{
"name": "20141219 CVE-2014-8752 JCE-Tech \"Video Niche Script\" XSS (Cross-Site Scripting) Security Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/84"
}
]
}
}

140
2014/8xxx/CVE-2014-8868.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8868",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EntryPass N5200 Active Network Control Panel does not properly restrict access, which allows remote attackers to obtain the administrator username and password, and possibly other sensitive information, via a request to /4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141201 [RT-SA-2014-011] EntryPass N5200 Credentials Disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534128/100/0/threaded"
},
{
"name" : "20141201 [RT-SA-2014-011] EntryPass N5200 Credentials Disclosure",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/2"
},
{
"name" : "https://www.redteam-pentesting.de/advisories/rt-sa-2014-011",
"refsource" : "MISC",
"url" : "https://www.redteam-pentesting.de/advisories/rt-sa-2014-011"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EntryPass N5200 Active Network Control Panel does not properly restrict access, which allows remote attackers to obtain the administrator username and password, and possibly other sensitive information, via a request to /4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-011",
"refsource": "MISC",
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-011"
},
{
"name": "20141201 [RT-SA-2014-011] EntryPass N5200 Credentials Disclosure",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/2"
},
{
"name": "20141201 [RT-SA-2014-011] EntryPass N5200 Credentials Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534128/100/0/threaded"
}
]
}
}

140
2014/9xxx/CVE-2014-9230.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9230",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-9230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00"
},
{
"name" : "75288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75288"
},
{
"name" : "1032710",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032710"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75288"
},
{
"name": "1032710",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032710"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00"
}
]
}
}

130
2014/9xxx/CVE-2014-9430.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9430",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/129698/SmoothWall-3.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129698/SmoothWall-3.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
},
{
"name" : "smoothwall-multiple-xss(99404)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99404"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "smoothwall-multiple-xss(99404)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99404"
},
{
"name": "http://packetstormsecurity.com/files/129698/SmoothWall-3.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129698/SmoothWall-3.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
}
]
}
}

140
2014/9xxx/CVE-2014-9483.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9483",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Emacs 24.4 allows remote attackers to bypass security restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-9483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150103 Re: CVE request for emacs possibly",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/03/15"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1181599",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1181599"
},
{
"name" : "emacs-cve20149483-sec-bypass(99688)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99688"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emacs 24.4 allows remote attackers to bypass security restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1181599",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181599"
},
{
"name": "[oss-security] 20150103 Re: CVE request for emacs possibly",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/15"
},
{
"name": "emacs-cve20149483-sec-bypass(99688)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99688"
}
]
}
}

150
2016/2xxx/CVE-2016-2200.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2200",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-040-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-040-02"
},
{
"name" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-253230.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-253230.pdf"
},
{
"name" : "83106",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/83106"
},
{
"name" : "1034954",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034954"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "83106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83106"
},
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-253230.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-253230.pdf"
},
{
"name": "1034954",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034954"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-040-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-040-02"
}
]
}
}

34
2016/2xxx/CVE-2016-2238.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2238",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2238",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2016/2xxx/CVE-2016-2366.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-2366",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Pidgin",
"version" : {
"version_data" : [
{
"version_value" : "2.10.11"
}
]
}
}
]
},
"vendor_name" : "Pidgin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pidgin",
"version": {
"version_data": [
{
"version_value": "2.10.11"
}
]
}
}
]
},
"vendor_name": "Pidgin"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.talosintelligence.com/reports/TALOS-2016-0134/",
"refsource" : "MISC",
"url" : "http://www.talosintelligence.com/reports/TALOS-2016-0134/"
},
{
"name" : "http://www.pidgin.im/news/security/?id=99",
"refsource" : "CONFIRM",
"url" : "http://www.pidgin.im/news/security/?id=99"
},
{
"name" : "DSA-3620",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3620"
},
{
"name" : "GLSA-201701-38",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-38"
},
{
"name" : "USN-3031-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3031-1"
},
{
"name" : "91335",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91335"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91335"
},
{
"name": "http://www.pidgin.im/news/security/?id=99",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/?id=99"
},
{
"name": "DSA-3620",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3620"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0134/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0134/"
},
{
"name": "GLSA-201701-38",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-38"
},
{
"name": "USN-3031-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3031-1"
}
]
}
}

310
2016/2xxx/CVE-2016-2547.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2547",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/01/19/1"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311566",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311566"
},
{
"name" : "https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d"
},
{
"name" : "DSA-3503",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3503"
},
{
"name" : "SUSE-SU-2016:2074",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name" : "SUSE-SU-2016:0911",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
},
{
"name" : "SUSE-SU-2016:1102",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
},
{
"name" : "USN-2967-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2967-1"
},
{
"name" : "USN-2967-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2967-2"
},
{
"name" : "USN-2929-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2929-1"
},
{
"name" : "USN-2929-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2929-2"
},
{
"name" : "USN-2930-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2930-1"
},
{
"name" : "USN-2930-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2930-2"
},
{
"name" : "USN-2930-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2930-3"
},
{
"name" : "USN-2931-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2931-1"
},
{
"name" : "USN-2932-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2932-1"
},
{
"name" : "83378",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/83378"
},
{
"name" : "1035298",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035298"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2930-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-1"
},
{
"name": "USN-2967-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2967-1"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311566",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311566"
},
{
"name": "USN-2930-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-2"
},
{
"name": "https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d"
},
{
"name": "DSA-3503",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3503"
},
{
"name": "83378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83378"
},
{
"name": "USN-2967-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2967-2"
},
{
"name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/19/1"
},
{
"name": "USN-2930-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-3"
},
{
"name": "SUSE-SU-2016:1102",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
},
{
"name": "USN-2929-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2929-1"
},
{
"name": "USN-2932-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2932-1"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "1035298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035298"
},
{
"name": "USN-2931-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2931-1"
},
{
"name": "USN-2929-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2929-2"
},
{
"name": "SUSE-SU-2016:0911",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
}
]
}
}

180
2016/6xxx/CVE-2016-6519.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6519",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the \"Shares\" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the \"Create Share\" form."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2016-6519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160915 CVE-2016-6519: openstack-manila: Persistent XSS in Metadata field",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/15/7"
},
{
"name" : "https://bugs.launchpad.net/manila-ui/+bug/1597738",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/manila-ui/+bug/1597738"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1375147",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1375147"
},
{
"name" : "RHSA-2016:2115",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2115.html"
},
{
"name" : "RHSA-2016:2116",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2116.html"
},
{
"name" : "RHSA-2016:2117",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2117.html"
},
{
"name" : "93001",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93001"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the \"Shares\" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the \"Create Share\" form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2115",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2115.html"
},
{
"name": "RHSA-2016:2117",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2117.html"
},
{
"name": "RHSA-2016:2116",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2116.html"
},
{
"name": "https://bugs.launchpad.net/manila-ui/+bug/1597738",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/manila-ui/+bug/1597738"
},
{
"name": "93001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93001"
},
{
"name": "[oss-security] 20160915 CVE-2016-6519: openstack-manila: Persistent XSS in Metadata field",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1375147",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375147"
}
]
}
}

34
2016/6xxx/CVE-2016-6589.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6589",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6589",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/6xxx/CVE-2016-6951.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6951",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name" : "93496",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93496"
},
{
"name" : "1036986",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name": "93496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93496"
}
]
}
}

34
2016/7xxx/CVE-2016-7197.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7197",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7197",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/7xxx/CVE-2016-7266.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka \"Microsoft Office Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-148",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name" : "94662",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94662"
},
{
"name" : "1037441",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037441"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka \"Microsoft Office Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94662"
},
{
"name": "MS16-148",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037441"
}
]
}
}

140
2016/7xxx/CVE-2016-7459.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@vmware.com",
"ID" : "CVE-2016-7459",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2016-7459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2016-0022.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
},
{
"name" : "94486",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94486"
},
{
"name" : "1037329",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037329"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94486"
},
{
"name": "1037329",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037329"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
}
]
}
}

140
2016/7xxx/CVE-2016-7609.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7609",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"AppleGraphicsPowerManagement\" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207423",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207423"
},
{
"name" : "94903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94903"
},
{
"name" : "1037469",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"AppleGraphicsPowerManagement\" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}
}