admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:33:32 +00:00
parent 0f9d8626b8
commit 5ece8bf1e0
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 4259 additions and 4259 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

240
2006/5xxx/CVE-2006-5116.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5116",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061001 Advisory 07/2006: phpMyAdmin Multiple CSRF Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447491/100/0/threaded"
},
{
"name" : "20061003 Concerning CSRF in phpMyAdmin 2.9.0.1 (CVE-2006-5116)",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2006-October/001067.html"
},
{
"name" : "http://www.hardened-php.net/advisory_072006.130.html",
"refsource" : "MISC",
"url" : "http://www.hardened-php.net/advisory_072006.130.html"
},
{
"name" : "http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.9.1-rc1.tar.gz?download",
"refsource" : "CONFIRM",
"url" : "http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.9.1-rc1.tar.gz?download"
},
{
"name" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-5",
"refsource" : "CONFIRM",
"url" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-5"
},
{
"name" : "DSA-1207",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1207"
},
{
"name" : "SUSE-SA:2006:071",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html"
},
{
"name" : "20253",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20253"
},
{
"name" : "22126",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22126"
},
{
"name" : "22781",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22781"
},
{
"name" : "23086",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23086"
},
{
"name" : "1677",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1677"
},
{
"name" : "phpmyadmin-multiple-csrf(29301)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29301"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22126"
},
{
"name": "20253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20253"
},
{
"name": "http://www.hardened-php.net/advisory_072006.130.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_072006.130.html"
},
{
"name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-5",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-5"
},
{
"name": "DSA-1207",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1207"
},
{
"name": "http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.9.1-rc1.tar.gz?download",
"refsource": "CONFIRM",
"url": "http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.9.1-rc1.tar.gz?download"
},
{
"name": "20061003 Concerning CSRF in phpMyAdmin 2.9.0.1 (CVE-2006-5116)",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-October/001067.html"
},
{
"name": "22781",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22781"
},
{
"name": "phpmyadmin-multiple-csrf(29301)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29301"
},
{
"name": "1677",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1677"
},
{
"name": "20061001 Advisory 07/2006: phpMyAdmin Multiple CSRF Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447491/100/0/threaded"
},
{
"name": "23086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23086"
},
{
"name": "SUSE-SA:2006:071",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html"
}
]
}
}

150
2006/5xxx/CVE-2006-5890.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5890",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in detail.asp in Superfreaker Studios USupport 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2764",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2764"
},
{
"name" : "ADV-2006-4465",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4465"
},
{
"name" : "22839",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22839"
},
{
"name" : "usupport-detail-sql-injection(30189)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30189"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in detail.asp in Superfreaker Studios USupport 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22839",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22839"
},
{
"name": "ADV-2006-4465",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4465"
},
{
"name": "usupport-detail-sql-injection(30189)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30189"
},
{
"name": "2764",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2764"
}
]
}
}

180
2007/2xxx/CVE-2007-2502.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2502",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMI02210",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01034753"
},
{
"name" : "SSRT071396",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01034753"
},
{
"name" : "23791",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23791"
},
{
"name" : "ADV-2007-1651",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1651"
},
{
"name" : "1018001",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018001"
},
{
"name" : "25101",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25101"
},
{
"name" : "hp-procurve-switches-unspecified-dos(34033)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34033"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMI02210",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01034753"
},
{
"name": "SSRT071396",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01034753"
},
{
"name": "25101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25101"
},
{
"name": "hp-procurve-switches-unspecified-dos(34033)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34033"
},
{
"name": "ADV-2007-1651",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1651"
},
{
"name": "23791",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23791"
},
{
"name": "1018001",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018001"
}
]
}
}

140
2007/2xxx/CVE-2007-2679.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2679",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the gallery parameter, which is accessed by the file_exists function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070417 Bugtraq 23534",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-April/001536.html"
},
{
"name" : "23534",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23534"
},
{
"name" : "24912",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24912"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the gallery parameter, which is accessed by the file_exists function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070417 Bugtraq 23534",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-April/001536.html"
},
{
"name": "24912",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24912"
},
{
"name": "23534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23534"
}
]
}
}

190
2007/3xxx/CVE-2007-3072.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3072",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070604 Unpatched input validation flaw in Firefox 2.0.0.4",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/470500/100/0/threaded"
},
{
"name" : "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/",
"refsource" : "MISC",
"url" : "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/"
},
{
"name" : "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/#comment-35888",
"refsource" : "MISC",
"url" : "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/#comment-35888"
},
{
"name" : "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/",
"refsource" : "MISC",
"url" : "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/"
},
{
"name" : "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/",
"refsource" : "MISC",
"url" : "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=367428",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=367428"
},
{
"name" : "35922",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35922"
},
{
"name" : "25481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070604 Unpatched input validation flaw in Firefox 2.0.0.4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470500/100/0/threaded"
},
{
"name": "35922",
"refsource": "OSVDB",
"url": "http://osvdb.org/35922"
},
{
"name": "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/",
"refsource": "MISC",
"url": "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/"
},
{
"name": "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/",
"refsource": "MISC",
"url": "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/"
},
{
"name": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/",
"refsource": "MISC",
"url": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/"
},
{
"name": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/#comment-35888",
"refsource": "MISC",
"url": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/#comment-35888"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=367428",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=367428"
},
{
"name": "25481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25481"
}
]
}
}

160
2007/3xxx/CVE-2007-3886.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in default.asp in Element CMS allows remote attackers to inject arbitrary web script or HTML via the s parameter in a search pID action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070713 Element CMS script insertion vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0286.html"
},
{
"name" : "24960",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24960"
},
{
"name" : "36356",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36356"
},
{
"name" : "26080",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26080"
},
{
"name" : "elementcms-unspecified-xss(35475)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35475"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in default.asp in Element CMS allows remote attackers to inject arbitrary web script or HTML via the s parameter in a search pID action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070713 Element CMS script insertion vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0286.html"
},
{
"name": "24960",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24960"
},
{
"name": "36356",
"refsource": "OSVDB",
"url": "http://osvdb.org/36356"
},
{
"name": "elementcms-unspecified-xss(35475)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35475"
},
{
"name": "26080",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26080"
}
]
}
}

530
2007/6xxx/CVE-2007-6284.json
View File

@ -1,267 +1,267 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-6284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080115 rPSA-2008-0017-1 libxml2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/486410/100/0/threaded"
},
{
"name" : "20080329 VMSA-2008-0006 Updated libxml2 service console package",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/490306/100/0/threaded"
},
{
"name" : "[Security-announce] 20080328 VMSA-2008-0006 Updated libxml2 service console package",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2008/000009.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=425927",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=425927"
},
{
"name" : "http://www.xmlsoft.org/news.html",
"refsource" : "CONFIRM",
"url" : "http://www.xmlsoft.org/news.html"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2121",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2121"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=202628",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=202628"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm"
},
{
"name" : "APPLE-SA-2008-07-11",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name" : "DSA-1461",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1461"
},
{
"name" : "FEDORA-2008-0462",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html"
},
{
"name" : "FEDORA-2008-0477",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html"
},
{
"name" : "GLSA-200801-20",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200801-20.xml"
},
{
"name" : "MDVSA-2008:010",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:010"
},
{
"name" : "RHSA-2008:0032",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0032.html"
},
{
"name" : "103201",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1"
},
{
"name" : "201514",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1"
},
{
"name" : "SUSE-SR:2008:002",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
},
{
"name" : "USN-569-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/569-1/"
},
{
"name" : "27248",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27248"
},
{
"name" : "oval:org.mitre.oval:def:11594",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594"
},
{
"name" : "ADV-2008-0117",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0117"
},
{
"name" : "ADV-2008-0144",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0144"
},
{
"name" : "ADV-2008-1033",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1033/references"
},
{
"name" : "ADV-2008-2094",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name" : "oval:org.mitre.oval:def:5216",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216"
},
{
"name" : "1019181",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019181"
},
{
"name" : "28439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28439"
},
{
"name" : "28444",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28444"
},
{
"name" : "[xml] 20080111 Security flaw affecting all previous libxml2 releases",
"refsource" : "MLIST",
"url" : "http://mail.gnome.org/archives/xml/2008-January/msg00036.html"
},
{
"name" : "28452",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28452"
},
{
"name" : "28458",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28458"
},
{
"name" : "28470",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28470"
},
{
"name" : "28466",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28466"
},
{
"name" : "28475",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28475"
},
{
"name" : "28450",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28450"
},
{
"name" : "28636",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28636"
},
{
"name" : "28716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28716"
},
{
"name" : "28740",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28740"
},
{
"name" : "29591",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29591"
},
{
"name" : "31074",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31074"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28439"
},
{
"name": "GLSA-200801-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-20.xml"
},
{
"name": "28466",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28466"
},
{
"name": "ADV-2008-1033",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1033/references"
},
{
"name": "103201",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1"
},
{
"name": "DSA-1461",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1461"
},
{
"name": "USN-569-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/569-1/"
},
{
"name": "SUSE-SR:2008:002",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
},
{
"name": "20080329 VMSA-2008-0006 Updated libxml2 service console package",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490306/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:5216",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216"
},
{
"name": "27248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27248"
},
{
"name": "28444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28444"
},
{
"name": "MDVSA-2008:010",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:010"
},
{
"name": "ADV-2008-0117",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0117"
},
{
"name": "http://www.xmlsoft.org/news.html",
"refsource": "CONFIRM",
"url": "http://www.xmlsoft.org/news.html"
},
{
"name": "28716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28716"
},
{
"name": "28740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28740"
},
{
"name": "[xml] 20080111 Security flaw affecting all previous libxml2 releases",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/xml/2008-January/msg00036.html"
},
{
"name": "FEDORA-2008-0462",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html"
},
{
"name": "28475",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28475"
},
{
"name": "oval:org.mitre.oval:def:11594",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594"
},
{
"name": "20080115 rPSA-2008-0017-1 libxml2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486410/100/0/threaded"
},
{
"name": "APPLE-SA-2008-07-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm"
},
{
"name": "ADV-2008-0144",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0144"
},
{
"name": "28458",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28458"
},
{
"name": "29591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29591"
},
{
"name": "ADV-2008-2094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "28636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28636"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm"
},
{
"name": "https://issues.rpath.com/browse/RPL-2121",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2121"
},
{
"name": "[Security-announce] 20080328 VMSA-2008-0006 Updated libxml2 service console package",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000009.html"
},
{
"name": "RHSA-2008:0032",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0032.html"
},
{
"name": "FEDORA-2008-0477",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html"
},
{
"name": "28470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28470"
},
{
"name": "201514",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1"
},
{
"name": "28450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28450"
},
{
"name": "31074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31074"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=425927",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=425927"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=202628",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=202628"
},
{
"name": "28452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28452"
},
{
"name": "1019181",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019181"
}
]
}
}

170
2007/6xxx/CVE-2007-6366.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6366",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071205 SineCMS <= 2.3.4 Calendar SQL Injection 'n something else..",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/484648/100/0/threaded"
},
{
"name" : "20071218 Re: SineCMS <= 2.3.4 Calendar SQL Injection 'n something else..",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485267/100/200/threaded"
},
{
"name" : "4693",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4693"
},
{
"name" : "27949",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27949"
},
{
"name" : "3444",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3444"
},
{
"name" : "sinecms-mods-sql-injection(38895)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38895"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3444",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3444"
},
{
"name": "27949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27949"
},
{
"name": "4693",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4693"
},
{
"name": "sinecms-mods-sql-injection(38895)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38895"
},
{
"name": "20071205 SineCMS <= 2.3.4 Calendar SQL Injection 'n something else..",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484648/100/0/threaded"
},
{
"name": "20071218 Re: SineCMS <= 2.3.4 Calendar SQL Injection 'n something else..",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485267/100/200/threaded"
}
]
}
}

210
2007/6xxx/CVE-2007-6387.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6387",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4825",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4825"
},
{
"name" : "http://support.quickbooks.intuit.com/support/qbupdate2007/Default.aspx",
"refsource" : "MISC",
"url" : "http://support.quickbooks.intuit.com/support/qbupdate2007/Default.aspx"
},
{
"name" : "http://www.intuit.com/support/security/",
"refsource" : "CONFIRM",
"url" : "http://www.intuit.com/support/security/"
},
{
"name" : "http://www.vantagelinguistics.com/answerworks/release/",
"refsource" : "CONFIRM",
"url" : "http://www.vantagelinguistics.com/answerworks/release/"
},
{
"name" : "26815",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26815"
},
{
"name" : "ADV-2007-4194",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4194"
},
{
"name" : "ADV-2007-4195",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4195"
},
{
"name" : "26566",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26566"
},
{
"name" : "26670",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26670"
},
{
"name" : "vantage-answerworks-bo(39004)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vantagelinguistics.com/answerworks/release/",
"refsource": "CONFIRM",
"url": "http://www.vantagelinguistics.com/answerworks/release/"
},
{
"name": "ADV-2007-4194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4194"
},
{
"name": "4825",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4825"
},
{
"name": "http://support.quickbooks.intuit.com/support/qbupdate2007/Default.aspx",
"refsource": "MISC",
"url": "http://support.quickbooks.intuit.com/support/qbupdate2007/Default.aspx"
},
{
"name": "26566",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26566"
},
{
"name": "http://www.intuit.com/support/security/",
"refsource": "CONFIRM",
"url": "http://www.intuit.com/support/security/"
},
{
"name": "26670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26670"
},
{
"name": "vantage-answerworks-bo(39004)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39004"
},
{
"name": "26815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26815"
},
{
"name": "ADV-2007-4195",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4195"
}
]
}
}

140
2007/6xxx/CVE-2007-6516.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6516",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in RavWare Software MAS Flic ActiveX Control (masflc.ocx) 1.0.0.1 allows remote attackers to execute arbitrary code via a long FileName property."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://shinnai.altervista.org/exploits/txt/TXT_MiyDKP9PDPCRBoRpWq3N.html",
"refsource" : "MISC",
"url" : "http://shinnai.altervista.org/exploits/txt/TXT_MiyDKP9PDPCRBoRpWq3N.html"
},
{
"name" : "26934",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26934"
},
{
"name" : "ravflic-filename-bo(39140)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39140"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in RavWare Software MAS Flic ActiveX Control (masflc.ocx) 1.0.0.1 allows remote attackers to execute arbitrary code via a long FileName property."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://shinnai.altervista.org/exploits/txt/TXT_MiyDKP9PDPCRBoRpWq3N.html",
"refsource": "MISC",
"url": "http://shinnai.altervista.org/exploits/txt/TXT_MiyDKP9PDPCRBoRpWq3N.html"
},
{
"name": "26934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26934"
},
{
"name": "ravflic-filename-bo(39140)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39140"
}
]
}
}

210
2007/6xxx/CVE-2007-6587.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6587",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mwrinfosecurity.com/publications/mwri_plogger-photo-gallery-sql-injection-vulnerability_2007-12-17.pdf",
"refsource" : "MISC",
"url" : "http://www.mwrinfosecurity.com/publications/mwri_plogger-photo-gallery-sql-injection-vulnerability_2007-12-17.pdf"
},
{
"name" : "http://packetstormsecurity.com/files/112947/Plogger-Photo-Gallery-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/112947/Plogger-Photo-Gallery-SQL-Injection.html"
},
{
"name" : "http://packetstormsecurity.org/files/112947/Plogger-Photo-Gallery-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/112947/Plogger-Photo-Gallery-SQL-Injection.html"
},
{
"name" : "https://labs.mwrinfosecurity.com/advisories/2007/12/17/plogger-sql-injection/",
"refsource" : "MISC",
"url" : "https://labs.mwrinfosecurity.com/advisories/2007/12/17/plogger-sql-injection/"
},
{
"name" : "http://dev.plogger.org/changeset/489",
"refsource" : "CONFIRM",
"url" : "http://dev.plogger.org/changeset/489"
},
{
"name" : "20120531 CVE-2012-2951 - believe this is a dupe",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2012-May/002556.html"
},
{
"name" : "26958",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26958"
},
{
"name" : "53644",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53644"
},
{
"name" : "39764",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/39764"
},
{
"name" : "plogger-id-sql-injection(75789)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75789"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120531 CVE-2012-2951 - believe this is a dupe",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2012-May/002556.html"
},
{
"name": "39764",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/39764"
},
{
"name": "https://labs.mwrinfosecurity.com/advisories/2007/12/17/plogger-sql-injection/",
"refsource": "MISC",
"url": "https://labs.mwrinfosecurity.com/advisories/2007/12/17/plogger-sql-injection/"
},
{
"name": "http://packetstormsecurity.org/files/112947/Plogger-Photo-Gallery-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112947/Plogger-Photo-Gallery-SQL-Injection.html"
},
{
"name": "26958",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26958"
},
{
"name": "http://www.mwrinfosecurity.com/publications/mwri_plogger-photo-gallery-sql-injection-vulnerability_2007-12-17.pdf",
"refsource": "MISC",
"url": "http://www.mwrinfosecurity.com/publications/mwri_plogger-photo-gallery-sql-injection-vulnerability_2007-12-17.pdf"
},
{
"name": "plogger-id-sql-injection(75789)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75789"
},
{
"name": "http://packetstormsecurity.com/files/112947/Plogger-Photo-Gallery-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/112947/Plogger-Photo-Gallery-SQL-Injection.html"
},
{
"name": "http://dev.plogger.org/changeset/489",
"refsource": "CONFIRM",
"url": "http://dev.plogger.org/changeset/489"
},
{
"name": "53644",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53644"
}
]
}
}

130
2010/0xxx/CVE-2010-0064.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0064",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
}
]
}
}

130
2010/0xxx/CVE-2010-0142.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0142",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentication sequence, aka Bug ID CSCsv66530."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100127 Multiple Vulnerabilities in Cisco Unified MeetingPlace",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml"
},
{
"name" : "37965",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37965"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentication sequence, aka Bug ID CSCsv66530."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100127 Multiple Vulnerabilities in Cisco Unified MeetingPlace",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml"
},
{
"name": "37965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37965"
}
]
}
}

210
2010/0xxx/CVE-2010-0188.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0188",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-0188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-07.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-07.html"
},
{
"name" : "RHSA-2010:0114",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0114.html"
},
{
"name" : "SUSE-SR:2010:006",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
},
{
"name" : "38195",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38195"
},
{
"name" : "oval:org.mitre.oval:def:8697",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8697"
},
{
"name" : "1023601",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023601"
},
{
"name" : "38639",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38639"
},
{
"name" : "38915",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38915"
},
{
"name" : "ADV-2010-0399",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0399"
},
{
"name" : "adobe-unspec-priv-escalation(56297)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56297"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0399",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0399"
},
{
"name": "adobe-unspec-priv-escalation(56297)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56297"
},
{
"name": "RHSA-2010:0114",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0114.html"
},
{
"name": "SUSE-SR:2010:006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
},
{
"name": "oval:org.mitre.oval:def:8697",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8697"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-07.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-07.html"
},
{
"name": "38639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38639"
},
{
"name": "38195",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38195"
},
{
"name": "1023601",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023601"
},
{
"name": "38915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38915"
}
]
}
}

150
2010/0xxx/CVE-2010-0257.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0257",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Microsoft Office Excel Record Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-017",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name" : "TA10-068A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name" : "oval:org.mitre.oval:def:8617",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8617"
},
{
"name" : "1023698",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023698"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Microsoft Office Excel Record Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:8617",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8617"
},
{
"name": "MS10-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023698"
}
]
}
}

170
2010/0xxx/CVE-2010-0790.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0790",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100305 Re: ncpfs, Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/509894/100/0/threaded"
},
{
"name" : "20100305 ncpfs, Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/509893/100/0/threaded"
},
{
"name" : "20100305 ncpfs, Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2010/Mar/122"
},
{
"name" : "SUSE-SR:2010:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"name" : "SUSE-SR:2010:013",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name" : "38563",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38563"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100305 ncpfs, Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Mar/122"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "20100305 ncpfs, Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509893/100/0/threaded"
},
{
"name": "SUSE-SR:2010:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"name": "38563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38563"
},
{
"name": "20100305 Re: ncpfs, Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509894/100/0/threaded"
}
]
}
}

150
2010/1xxx/CVE-2010-1219.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1219",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "11757",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11757"
},
{
"name" : "38746",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38746"
},
{
"name" : "38952",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38952"
},
{
"name" : "janews-index-file-include(56901)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56901"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38746"
},
{
"name": "11757",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11757"
},
{
"name": "janews-index-file-include(56901)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56901"
},
{
"name": "38952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38952"
}
]
}
}

210
2010/1xxx/CVE-2010-1236.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1236",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \\x00javascript:alert sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=37383",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=37383"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html"
},
{
"name" : "http://codereview.chromium.org/858001",
"refsource" : "CONFIRM",
"url" : "http://codereview.chromium.org/858001"
},
{
"name" : "http://flock.com/security/",
"refsource" : "CONFIRM",
"url" : "http://flock.com/security/"
},
{
"name" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=41244",
"refsource" : "CONFIRM",
"url" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=41244"
},
{
"name" : "https://bugs.webkit.org/show_bug.cgi?id=35948",
"refsource" : "CONFIRM",
"url" : "https://bugs.webkit.org/show_bug.cgi?id=35948"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "oval:org.mitre.oval:def:14067",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14067"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \\x00javascript:alert sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "http://src.chromium.org/viewvc/chrome?view=rev&revision=41244",
"refsource": "CONFIRM",
"url": "http://src.chromium.org/viewvc/chrome?view=rev&revision=41244"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "oval:org.mitre.oval:def:14067",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14067"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html"
},
{
"name": "https://bugs.webkit.org/show_bug.cgi?id=35948",
"refsource": "CONFIRM",
"url": "https://bugs.webkit.org/show_bug.cgi?id=35948"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "http://flock.com/security/",
"refsource": "CONFIRM",
"url": "http://flock.com/security/"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=37383",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=37383"
},
{
"name": "http://codereview.chromium.org/858001",
"refsource": "CONFIRM",
"url": "http://codereview.chromium.org/858001"
}
]
}
}

360
2010/1xxx/CVE-2010-1392.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1392",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100608 VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511700/100/0/threaded"
},
{
"name" : "http://support.apple.com/kb/HT4196",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4196"
},
{
"name" : "http://support.apple.com/kb/HT4220",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4220"
},
{
"name" : "http://support.apple.com/kb/HT4225",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4225"
},
{
"name" : "http://support.apple.com/kb/HT4456",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4456"
},
{
"name" : "APPLE-SA-2010-06-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"
},
{
"name" : "APPLE-SA-2010-06-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html"
},
{
"name" : "APPLE-SA-2010-06-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name" : "APPLE-SA-2010-11-22-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"name" : "MDVSA-2011:039",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "USN-1006-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name" : "40620",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40620"
},
{
"name" : "oval:org.mitre.oval:def:7024",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7024"
},
{
"name" : "1024067",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024067"
},
{
"name" : "40105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40105"
},
{
"name" : "40196",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40196"
},
{
"name" : "41856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41856"
},
{
"name" : "42314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42314"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2010-1373",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1373"
},
{
"name" : "ADV-2010-1512",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1512"
},
{
"name" : "ADV-2010-2722",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "ADV-2011-0552",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "http://support.apple.com/kb/HT4220",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4220"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "APPLE-SA-2010-06-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"
},
{
"name": "40196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40196"
},
{
"name": "40105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40105"
},
{
"name": "20100608 VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511700/100/0/threaded"
},
{
"name": "ADV-2010-1373",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1373"
},
{
"name": "APPLE-SA-2010-06-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "ADV-2010-1512",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1512"
},
{
"name": "oval:org.mitre.oval:def:7024",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7024"
},
{
"name": "40620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40620"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "1024067",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024067"
},
{
"name": "http://support.apple.com/kb/HT4196",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4196"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}

240
2010/1xxx/CVE-2010-1593.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1593",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100122 Silverstripe <= v2.3.4: two XSS vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/509139/100/0/threaded"
},
{
"name" : "20100122 Silverstripe <= v2.3.4: two XSS vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0450.html"
},
{
"name" : "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456",
"refsource" : "CONFIRM",
"url" : "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456"
},
{
"name" : "http://open.silverstripe.org/changeset/97074",
"refsource" : "CONFIRM",
"url" : "http://open.silverstripe.org/changeset/97074"
},
{
"name" : "http://open.silverstripe.org/wiki/ChangeLog/2.3.5",
"refsource" : "CONFIRM",
"url" : "http://open.silverstripe.org/wiki/ChangeLog/2.3.5"
},
{
"name" : "http://www.silverstripe.org/security-releases/",
"refsource" : "CONFIRM",
"url" : "http://www.silverstripe.org/security-releases/"
},
{
"name" : "37923",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37923"
},
{
"name" : "61921",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61921"
},
{
"name" : "61923",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61923"
},
{
"name" : "38290",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38290"
},
{
"name" : "38347",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38347"
},
{
"name" : "silverstripe-comment-xss(55838)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55838"
},
{
"name" : "silverstripe-search-xss(55839)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55839"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.silverstripe.org/security-releases/",
"refsource": "CONFIRM",
"url": "http://www.silverstripe.org/security-releases/"
},
{
"name": "61921",
"refsource": "OSVDB",
"url": "http://osvdb.org/61921"
},
{
"name": "38347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38347"
},
{
"name": "61923",
"refsource": "OSVDB",
"url": "http://osvdb.org/61923"
},
{
"name": "20100122 Silverstripe <= v2.3.4: two XSS vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509139/100/0/threaded"
},
{
"name": "http://open.silverstripe.org/wiki/ChangeLog/2.3.5",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/wiki/ChangeLog/2.3.5"
},
{
"name": "silverstripe-comment-xss(55838)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55838"
},
{
"name": "37923",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37923"
},
{
"name": "20100122 Silverstripe <= v2.3.4: two XSS vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0450.html"
},
{
"name": "silverstripe-search-xss(55839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55839"
},
{
"name": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456",
"refsource": "CONFIRM",
"url": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456"
},
{
"name": "http://open.silverstripe.org/changeset/97074",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/97074"
},
{
"name": "38290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38290"
}
]
}
}

260
2010/1xxx/CVE-2010-1766.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1766",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://trac.webkit.org/changeset/56380",
"refsource" : "CONFIRM",
"url" : "http://trac.webkit.org/changeset/56380"
},
{
"name" : "https://bugs.webkit.org/show_bug.cgi?id=36339",
"refsource" : "CONFIRM",
"url" : "https://bugs.webkit.org/show_bug.cgi?id=36339"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=596494",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=596494"
},
{
"name" : "FEDORA-2010-11011",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html"
},
{
"name" : "FEDORA-2010-11020",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html"
},
{
"name" : "MDVSA-2011:039",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "USN-1006-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name" : "40557",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40557"
},
{
"name" : "41856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41856"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2010-1801",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1801"
},
{
"name" : "ADV-2010-2722",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "ADV-2011-0552",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "FEDORA-2010-11020",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2010-1801",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1801"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=596494",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596494"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "https://bugs.webkit.org/show_bug.cgi?id=36339",
"refsource": "CONFIRM",
"url": "https://bugs.webkit.org/show_bug.cgi?id=36339"
},
{
"name": "40557",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40557"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "FEDORA-2010-11011",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "http://trac.webkit.org/changeset/56380",
"refsource": "CONFIRM",
"url": "http://trac.webkit.org/changeset/56380"
}
]
}
}

150
2010/1xxx/CVE-2010-1972.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1972",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of HP Client Automation (HPCA) Enterprise Infrastructure (aka Radia) allows remote attackers to read log files, and consequently cause a denial of service or have unspecified other impact, via web requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-1972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02555",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127905601332098&w=2"
},
{
"name" : "SSRT100064",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127905601332098&w=2"
},
{
"name" : "1024191",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024191"
},
{
"name" : "40592",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40592"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of HP Client Automation (HPCA) Enterprise Infrastructure (aka Radia) allows remote attackers to read log files, and consequently cause a denial of service or have unspecified other impact, via web requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMA02555",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127905601332098&w=2"
},
{
"name": "SSRT100064",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127905601332098&w=2"
},
{
"name": "40592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40592"
},
{
"name": "1024191",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024191"
}
]
}
}

34
2014/0xxx/CVE-2014-0340.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0340",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0340",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/0xxx/CVE-2014-0797.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0797",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0797",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/0xxx/CVE-2014-0998.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0998",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534563/100/0/threaded"
},
{
"name" : "20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jan/107"
},
{
"name" : "http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities"
},
{
"name" : "FreeBSD-EN-15:01",
"refsource" : "FREEBSD",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-EN-15:01.vt.asc"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534563/100/0/threaded"
},
{
"name": "20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/107"
},
{
"name": "FreeBSD-EN-15:01",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-15:01.vt.asc"
},
{
"name": "http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities"
}
]
}
}

170
2014/1xxx/CVE-2014-1339.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1339",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT6254",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6254"
},
{
"name" : "https://support.apple.com/kb/HT6537",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6537"
},
{
"name" : "APPLE-SA-2014-05-21-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
},
{
"name" : "APPLE-SA-2014-06-30-3",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name" : "APPLE-SA-2014-06-30-4",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"name" : "67553",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67553"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT6537",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6537"
},
{
"name": "APPLE-SA-2014-06-30-4",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"name": "http://support.apple.com/kb/HT6254",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6254"
},
{
"name": "APPLE-SA-2014-06-30-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name": "67553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67553"
},
{
"name": "APPLE-SA-2014-05-21-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
}
]
}
}

34
2014/1xxx/CVE-2014-1656.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1656",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-1656",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

170
2014/1xxx/CVE-2014-1767.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1767",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka \"Ancillary Function Driver Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-1767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39525",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39525/"
},
{
"name" : "39446",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39446/"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-220/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-220/"
},
{
"name" : "MS14-040",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-040"
},
{
"name" : "68394",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68394"
},
{
"name" : "59778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59778"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka \"Ancillary Function Driver Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-040"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-220/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-220/"
},
{
"name": "68394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68394"
},
{
"name": "39525",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39525/"
},
{
"name": "59778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59778"
},
{
"name": "39446",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39446/"
}
]
}
}

150
2014/4xxx/CVE-2014-4189.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4189",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html"
},
{
"name" : "68015",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68015"
},
{
"name" : "58528",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58528"
},
{
"name" : "58899",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58899"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html"
},
{
"name": "58899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58899"
},
{
"name": "58528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58528"
},
{
"name": "68015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68015"
}
]
}
}

120
2014/4xxx/CVE-2014-4322.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4322",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.codeaurora.org/projects/security-advisories/memory-corruption-qseecom-driver-cve-2014-4322",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/projects/security-advisories/memory-corruption-qseecom-driver-cve-2014-4322"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/projects/security-advisories/memory-corruption-qseecom-driver-cve-2014-4322",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/projects/security-advisories/memory-corruption-qseecom-driver-cve-2014-4322"
}
]
}
}

150
2014/4xxx/CVE-2014-4446.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4446",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/HT6536",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6536"
},
{
"name" : "APPLE-SA-2014-10-16-3",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"name" : "1031071",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031071"
},
{
"name" : "macosx-cve20144446-dos(97645)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97645"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031071",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031071"
},
{
"name": "APPLE-SA-2014-10-16-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"name": "macosx-cve20144446-dos(97645)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97645"
},
{
"name": "https://support.apple.com/kb/HT6536",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6536"
}
]
}
}

160
2014/4xxx/CVE-2014-4622.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4622",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-4622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140915 ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
},
{
"name" : "69819",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69819"
},
{
"name" : "1030855",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030855"
},
{
"name" : "61251",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61251"
},
{
"name" : "emc-documentum-cve20144622-priv-esc(95990)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95990"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61251"
},
{
"name": "20140915 ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
},
{
"name": "emc-documentum-cve20144622-priv-esc(95990)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95990"
},
{
"name": "69819",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69819"
},
{
"name": "1030855",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030855"
}
]
}
}

34
2014/4xxx/CVE-2014-4952.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4952",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-4952",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

34
2014/5xxx/CVE-2014-5364.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5364",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5364",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/5xxx/CVE-2014-5564.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5564",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Angry Gran Toss (aka com.aceviral.angrygrantoss) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#610393",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/610393"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Angry Gran Toss (aka com.aceviral.angrygrantoss) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#610393",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/610393"
}
]
}
}

140
2014/5xxx/CVE-2014-5607.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5607",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Where's My Water? Free (aka com.disney.WMWLite) application 1.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#585841",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/585841"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Where's My Water? Free (aka com.disney.WMWLite) application 1.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#585841",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/585841"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

130
2016/10xxx/CVE-2016-10706.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10706",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/",
"refsource" : "MISC",
"url" : "https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/"
},
{
"name" : "https://www.wordfence.com/blog/2016/05/jetpack-vulnerability/",
"refsource" : "MISC",
"url" : "https://www.wordfence.com/blog/2016/05/jetpack-vulnerability/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/",
"refsource": "MISC",
"url": "https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/"
},
{
"name": "https://www.wordfence.com/blog/2016/05/jetpack-vulnerability/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2016/05/jetpack-vulnerability/"
}
]
}
}

150
2016/3xxx/CVE-2016-3065.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3065",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=bf78a6f107949fdfb513d1b45e30cefe04e09e4f",
"refsource" : "CONFIRM",
"url" : "http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=bf78a6f107949fdfb513d1b45e30cefe04e09e4f"
},
{
"name" : "http://www.postgresql.org/about/news/1656/",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/about/news/1656/"
},
{
"name" : "http://www.postgresql.org/docs/current/static/release-9-5-2.html",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/current/static/release-9-5-2.html"
},
{
"name" : "1035468",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035468"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=bf78a6f107949fdfb513d1b45e30cefe04e09e4f",
"refsource": "CONFIRM",
"url": "http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=bf78a6f107949fdfb513d1b45e30cefe04e09e4f"
},
{
"name": "http://www.postgresql.org/docs/current/static/release-9-5-2.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-9-5-2.html"
},
{
"name": "http://www.postgresql.org/about/news/1656/",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/about/news/1656/"
},
{
"name": "1035468",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035468"
}
]
}
}

130
2016/3xxx/CVE-2016-3129.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@blackberry.com",
"ID" : "CVE-2016-3129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BlackBerry GEMS versions 2.1.5.3 to 2.2.22.25",
"version" : {
"version_data" : [
{
"version_value" : "BlackBerry GEMS versions 2.1.5.3 to 2.2.22.25"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote shell execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2016-3129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlackBerry GEMS versions 2.1.5.3 to 2.2.22.25",
"version": {
"version_data": [
{
"version_value": "BlackBerry GEMS versions 2.1.5.3 to 2.2.22.25"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000038814&language=None",
"refsource" : "CONFIRM",
"url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000038814&language=None"
},
{
"name" : "94959",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94959"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote shell execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038814&language=None",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038814&language=None"
},
{
"name": "94959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94959"
}
]
}
}

520
2016/3xxx/CVE-2016-3134.json
View File

@ -1,262 +1,262 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3134",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2016-3134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://code.google.com/p/google-security-research/issues/detail?id=758",
"refsource" : "MISC",
"url" : "https://code.google.com/p/google-security-research/issues/detail?id=758"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1317383",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1317383"
},
{
"name" : "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name" : "DSA-3607",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3607"
},
{
"name" : "RHSA-2016:1847",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1847.html"
},
{
"name" : "RHSA-2016:1875",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1875.html"
},
{
"name" : "RHSA-2016:1883",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1883.html"
},
{
"name" : "SUSE-SU-2016:1672",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name" : "SUSE-SU-2016:1690",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name" : "SUSE-SU-2016:1696",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name" : "SUSE-SU-2016:1764",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name" : "openSUSE-SU-2016:1641",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name" : "SUSE-SU-2016:1985",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name" : "SUSE-SU-2016:2000",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"name" : "SUSE-SU-2016:2001",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
},
{
"name" : "SUSE-SU-2016:2002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"name" : "SUSE-SU-2016:2006",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"name" : "SUSE-SU-2016:2007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"name" : "SUSE-SU-2016:2010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"name" : "SUSE-SU-2016:1961",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"name" : "SUSE-SU-2016:1994",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"name" : "SUSE-SU-2016:1995",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"name" : "SUSE-SU-2016:2005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"name" : "SUSE-SU-2016:2009",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"name" : "SUSE-SU-2016:2014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"name" : "SUSE-SU-2016:2074",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name" : "USN-3049-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3049-1"
},
{
"name" : "USN-3050-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3050-1"
},
{
"name" : "USN-2929-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2929-1"
},
{
"name" : "USN-2929-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2929-2"
},
{
"name" : "USN-2930-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2930-1"
},
{
"name" : "USN-2930-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2930-2"
},
{
"name" : "USN-2930-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2930-3"
},
{
"name" : "USN-2931-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2931-1"
},
{
"name" : "USN-2932-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2932-1"
},
{
"name" : "84305",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84305"
},
{
"name" : "1036763",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309"
},
{
"name": "https://code.google.com/p/google-security-research/issues/detail?id=758",
"refsource": "MISC",
"url": "https://code.google.com/p/google-security-research/issues/detail?id=758"
},
{
"name": "SUSE-SU-2016:2010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"name": "USN-2930-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-1"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317383",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317383"
},
{
"name": "SUSE-SU-2016:1994",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "SUSE-SU-2016:1961",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "USN-2930-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-2"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309"
},
{
"name": "SUSE-SU-2016:2001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "RHSA-2016:1847",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1847.html"
},
{
"name": "SUSE-SU-2016:2006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"name": "USN-3049-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3049-1"
},
{
"name": "RHSA-2016:1875",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1875.html"
},
{
"name": "SUSE-SU-2016:2014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-2930-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-3"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:2009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"name": "USN-2929-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2929-1"
},
{
"name": "USN-2932-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2932-1"
},
{
"name": "USN-3050-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3050-1"
},
{
"name": "SUSE-SU-2016:2005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"name": "SUSE-SU-2016:2007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "SUSE-SU-2016:2000",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"name": "RHSA-2016:1883",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1883.html"
},
{
"name": "SUSE-SU-2016:1995",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"name": "SUSE-SU-2016:2002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"name": "USN-2931-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2931-1"
},
{
"name": "USN-2929-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2929-2"
},
{
"name": "84305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84305"
}
]
}
}

140
2016/3xxx/CVE-2016-3414.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3414",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://forums.zimbra.org/viewtopic.php?f=8&t=59816",
"refsource" : "CONFIRM",
"url" : "https://forums.zimbra.org/viewtopic.php?f=8&t=59816"
},
{
"name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource" : "CONFIRM",
"url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name" : "95918",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95918"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95918"
},
{
"name": "https://forums.zimbra.org/viewtopic.php?f=8&t=59816",
"refsource": "CONFIRM",
"url": "https://forums.zimbra.org/viewtopic.php?f=8&t=59816"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}

150
2016/3xxx/CVE-2016-3539.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3539",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3538."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "91971",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91971"
},
{
"name" : "1036402",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036402"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3538."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91971"
},
{
"name": "1036402",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036402"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
}
]
}
}

136
2016/3xxx/CVE-2016-3904.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-3904",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30311977. References: Qualcomm QC-CR#1050455."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
},
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "94210",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94210"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30311977. References: Qualcomm QC-CR#1050455."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94210"
},
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
}
]
}
}

182
2016/7xxx/CVE-2016-7077.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2016-7077",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "foreman",
"version" : {
"version_data" : [
{
"version_value" : "foreman 1.14.0"
}
]
}
}
]
},
"vendor_name" : "Foreman"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
],
[
{
"vectorString" : "3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "foreman",
"version": {
"version_data": [
{
"version_value": "foreman 1.14.0"
}
]
}
}
]
},
"vendor_name": "Foreman"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077"
},
{
"name" : "https://projects.theforeman.org/issues/16971",
"refsource" : "CONFIRM",
"url" : "https://projects.theforeman.org/issues/16971"
},
{
"name" : "https://theforeman.org/security.html#2016-7077",
"refsource" : "CONFIRM",
"url" : "https://theforeman.org/security.html#2016-7077"
},
{
"name" : "94230",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94230"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://theforeman.org/security.html#2016-7077",
"refsource": "CONFIRM",
"url": "https://theforeman.org/security.html#2016-7077"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077"
},
{
"name": "94230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94230"
},
{
"name": "https://projects.theforeman.org/issues/16971",
"refsource": "CONFIRM",
"url": "https://projects.theforeman.org/issues/16971"
}
]
}
}

34
2016/8xxx/CVE-2016-8075.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8075",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8075",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/8xxx/CVE-2016-8555.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8555",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8555",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

130
2016/8xxx/CVE-2016-8768.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2016-8768",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Honor 6,Honor 6 Plus,Honor 7 Versions earlier than 6.9.16",
"version" : {
"version_data" : [
{
"version_value" : "Honor 6,Honor 6 Plus,Honor 7 Versions earlier than 6.9.16"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privileged Execute-Never (PXN) defense mechanism failure"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2016-8768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Honor 6,Honor 6 Plus,Honor 7 Versions earlier than 6.9.16",
"version": {
"version_data": [
{
"version_value": "Honor 6,Honor 6 Plus,Honor 7 Versions earlier than 6.9.16"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en"
},
{
"name" : "93885",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93885"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privileged Execute-Never (PXN) defense mechanism failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en"
},
{
"name": "93885",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93885"
}
]
}
}

150
2016/9xxx/CVE-2016-9020.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9020",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20161102 Disclose [10 * cve] in Exponent CMS",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Nov/12"
},
{
"name" : "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html"
},
{
"name" : "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db",
"refsource" : "CONFIRM",
"url" : "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
},
{
"name" : "97269",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97269"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html"
},
{
"name": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db",
"refsource": "CONFIRM",
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
},
{
"name": "20161102 Disclose [10 * cve] in Exponent CMS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Nov/12"
},
{
"name": "97269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97269"
}
]
}
}

162
2016/9xxx/CVE-2016-9724.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-9724",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "QRadar SIEM",
"version" : {
"version_data" : [
{
"version_value" : "7.1 MR1"
},
{
"version_value" : "7.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.2"
},
{
"version_value" : "7.1 MR2"
},
{
"version_value" : "7"
},
{
"version_value" : "7.1 MR2"
},
{
"version_value" : "7.2.3"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999537."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QRadar SIEM",
"version": {
"version_data": [
{
"version_value": "7.1 MR1"
},
{
"version_value": "7.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.2"
},
{
"version_value": "7.1 MR2"
},
{
"version_value": "7"
},
{
"version_value": "7.1 MR2"
},
{
"version_value": "7.2.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21999537",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21999537"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999537."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21999537",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21999537"
}
]
}
}

160
2016/9xxx/CVE-2016-9844.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9844",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/05/13"
},
{
"name" : "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/05/19"
},
{
"name" : "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/05/20"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
},
{
"name" : "94728",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94728"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94728"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
}
]
}
}

140
2016/9xxx/CVE-2016-9879.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"ID" : "CVE-2016-9879",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1",
"version" : {
"version_data" : [
{
"version_value" : "Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded \"/\" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Encoded \"/\" in path variables"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-9879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1",
"version": {
"version_data": [
{
"version_value": "Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pivotal.io/security/cve-2016-9879",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2016-9879"
},
{
"name" : "RHSA-2017:1832",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"name" : "95142",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95142"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded \"/\" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Encoded \"/\" in path variables"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1832",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"name": "95142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95142"
},
{
"name": "https://pivotal.io/security/cve-2016-9879",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-9879"
}
]
}
}

34
2019/2xxx/CVE-2019-2015.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2015",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2015",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2305.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2305",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2305",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2732.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2732",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2732",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6505.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6505",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6505",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6963.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6963",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6963",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}