admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:56:22 +00:00
parent 18b6da3ea6
commit 7191876bcf
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 4054 additions and 4054 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2006/0xxx/CVE-2006-0479.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0479",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060128 PmWiki Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"name" : "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/",
"refsource" : "MISC",
"url" : "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"name" : "16421",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16421"
},
{
"name" : "ADV-2006-0375",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0375"
},
{
"name" : "1015550",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015550"
},
{
"name" : "18634",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18634"
},
{
"name" : "pmwiki-multiple-xss(24368)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
},
{
"name" : "pmwiki-path-disclosure(24366)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
},
{
"name" : "pmwiki-file-include(24367)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060128 PmWiki Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"name": "pmwiki-multiple-xss(24368)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
},
{
"name": "18634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18634"
},
{
"name": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"name": "pmwiki-file-include(24367)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"name": "1015550",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015550"
},
{
"name": "16421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16421"
},
{
"name": "ADV-2006-0375",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"name": "pmwiki-path-disclosure(24366)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
}
]
}
}

150
2006/0xxx/CVE-2006-0651.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0651",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in vwdev allows remote attackers to execute arbitrary SQL commands via the UID parameter in the definition Page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "16547",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16547"
},
{
"name" : "22991",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22991"
},
{
"name" : "1015594",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015594"
},
{
"name" : "vwdev-uid-sql-injection(24583)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24583"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in vwdev allows remote attackers to execute arbitrary SQL commands via the UID parameter in the definition Page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22991",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22991"
},
{
"name": "vwdev-uid-sql-injection(24583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24583"
},
{
"name": "1015594",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015594"
},
{
"name": "16547",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16547"
}
]
}
}

200
2006/0xxx/CVE-2006-0819.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0819",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060313 Secunia Research: Dwarf HTTP Server Source Disclosure andCross-Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427478/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2006-13/advisory",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2006-13/advisory"
},
{
"name" : "17123",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17123"
},
{
"name" : "ADV-2006-0937",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0937"
},
{
"name" : "23836",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23836"
},
{
"name" : "1015779",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015779"
},
{
"name" : "18962",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18962"
},
{
"name" : "576",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/576"
},
{
"name" : "dwarfhttp-extension-information-disclosure(25178)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25178"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0937",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0937"
},
{
"name": "1015779",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015779"
},
{
"name": "17123",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17123"
},
{
"name": "dwarfhttp-extension-information-disclosure(25178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25178"
},
{
"name": "20060313 Secunia Research: Dwarf HTTP Server Source Disclosure andCross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427478/100/0/threaded"
},
{
"name": "http://secunia.com/secunia_research/2006-13/advisory",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-13/advisory"
},
{
"name": "23836",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23836"
},
{
"name": "576",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/576"
},
{
"name": "18962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18962"
}
]
}
}

150
2006/1xxx/CVE-2006-1651.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1651",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that \"Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060403 Bypassing ISA Server 2004 with IPv6",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429816/100/0/threaded"
},
{
"name" : "20060404 Re: Bypassing ISA Server 2004 with IPv6",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429846/100/0/threaded"
},
{
"name" : "20060405 Re: Re: Bypassing ISA Server 2004 with IPv6",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430281/100/0/threaded"
},
{
"name" : "20060410 Re: Bypassing ISA Server 2004 with IPv6",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430684/100/0/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that \"Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060403 Bypassing ISA Server 2004 with IPv6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429816/100/0/threaded"
},
{
"name": "20060404 Re: Bypassing ISA Server 2004 with IPv6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429846/100/0/threaded"
},
{
"name": "20060405 Re: Re: Bypassing ISA Server 2004 with IPv6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430281/100/0/threaded"
},
{
"name": "20060410 Re: Bypassing ISA Server 2004 with IPv6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430684/100/0/threaded"
}
]
}
}

170
2006/1xxx/CVE-2006-1662.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1662",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060228 Limbo CMS code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426428"
},
{
"name" : "20060404 Re: Limbo CMS code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429946/100/0/threaded"
},
{
"name" : "20060228 Limbo CMS code execution",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0728.html"
},
{
"name" : "16902",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16902"
},
{
"name" : "519",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/519"
},
{
"name" : "limbocms-index-code-execution(24992)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24992"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "519",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/519"
},
{
"name": "20060228 Limbo CMS code execution",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0728.html"
},
{
"name": "16902",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16902"
},
{
"name": "20060404 Re: Limbo CMS code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429946/100/0/threaded"
},
{
"name": "20060228 Limbo CMS code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426428"
},
{
"name": "limbocms-index-code-execution(24992)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24992"
}
]
}
}

200
2006/4xxx/CVE-2006-4255.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
},
{
"name" : "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
"refsource" : "MLIST",
"url" : "http://lists.horde.org/archives/announce/2006/000294.html"
},
{
"name" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457",
"refsource" : "MISC",
"url" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
},
{
"name" : "19544",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19544"
},
{
"name" : "ADV-2006-3316",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3316"
},
{
"name" : "1016713",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016713"
},
{
"name" : "21533",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21533"
},
{
"name" : "1423",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1423"
},
{
"name" : "horde-search-xss(28409)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19544"
},
{
"name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2006/000294.html"
},
{
"name": "ADV-2006-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3316"
},
{
"name": "1423",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1423"
},
{
"name": "21533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21533"
},
{
"name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457",
"refsource": "MISC",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
},
{
"name": "horde-search-xss(28409)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
},
{
"name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
},
{
"name": "1016713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016713"
}
]
}
}

290
2006/4xxx/CVE-2006-4331.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4331",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-4331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2006-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2006-02.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm"
},
{
"name" : "GLSA-200608-26",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-26.xml"
},
{
"name" : "MDKSA-2006:152",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:152"
},
{
"name" : "RHSA-2006:0658",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0658.html"
},
{
"name" : "VU#638376",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/638376"
},
{
"name" : "19690",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19690"
},
{
"name" : "oval:org.mitre.oval:def:10125",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10125"
},
{
"name" : "oval:org.mitre.oval:def:14587",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14587"
},
{
"name" : "ADV-2006-3370",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3370"
},
{
"name" : "1016736",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016736"
},
{
"name" : "21597",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21597"
},
{
"name" : "21649",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21649"
},
{
"name" : "21619",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21619"
},
{
"name" : "21682",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21682"
},
{
"name" : "21885",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21885"
},
{
"name" : "22378",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22378"
},
{
"name" : "wireshark-esp-offbyone(28553)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28553"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3370",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3370"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm"
},
{
"name": "21682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21682"
},
{
"name": "oval:org.mitre.oval:def:14587",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14587"
},
{
"name": "19690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19690"
},
{
"name": "oval:org.mitre.oval:def:10125",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10125"
},
{
"name": "1016736",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016736"
},
{
"name": "RHSA-2006:0658",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0658.html"
},
{
"name": "21649",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21649"
},
{
"name": "MDKSA-2006:152",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:152"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2006-02.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2006-02.html"
},
{
"name": "21619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21619"
},
{
"name": "GLSA-200608-26",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-26.xml"
},
{
"name": "wireshark-esp-offbyone(28553)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28553"
},
{
"name": "VU#638376",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/638376"
},
{
"name": "21885",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21885"
},
{
"name": "21597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21597"
},
{
"name": "22378",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22378"
}
]
}
}

150
2006/5xxx/CVE-2006-5029.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5029",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060921 Woltlab Burning Board 2.3.X SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446743/100/0/threaded"
},
{
"name" : "20060923 Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446937/100/0/threaded"
},
{
"name" : "20060924 Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446938/100/100/threaded"
},
{
"name" : "20060926 Re: Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447069/100/100/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060926 Re: Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447069/100/100/threaded"
},
{
"name": "20060923 Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446937/100/0/threaded"
},
{
"name": "20060921 Woltlab Burning Board 2.3.X SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446743/100/0/threaded"
},
{
"name": "20060924 Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446938/100/100/threaded"
}
]
}
}

160
2006/5xxx/CVE-2006-5284.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen Cheng-Da PHP News Reader (aka pnews) 2.6.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CFG[auth_phpbb_path] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2517",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2517"
},
{
"name" : "20480",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20480"
},
{
"name" : "ADV-2006-4011",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4011"
},
{
"name" : "22354",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22354"
},
{
"name" : "phpnewsreader-phpbbinc-file-include(29481)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen Cheng-Da PHP News Reader (aka pnews) 2.6.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CFG[auth_phpbb_path] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2517",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2517"
},
{
"name": "20480",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20480"
},
{
"name": "phpnewsreader-phpbbinc-file-include(29481)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29481"
},
{
"name": "ADV-2006-4011",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4011"
},
{
"name": "22354",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22354"
}
]
}
}

140
2006/5xxx/CVE-2006-5321.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5321",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.phplist.com/news",
"refsource" : "MISC",
"url" : "http://www.phplist.com/news"
},
{
"name" : "http://tincan.co.uk/?lid=1821",
"refsource" : "CONFIRM",
"url" : "http://tincan.co.uk/?lid=1821"
},
{
"name" : "20483",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20483"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20483"
},
{
"name": "http://www.phplist.com/news",
"refsource": "MISC",
"url": "http://www.phplist.com/news"
},
{
"name": "http://tincan.co.uk/?lid=1821",
"refsource": "CONFIRM",
"url": "http://tincan.co.uk/?lid=1821"
}
]
}
}

150
2006/5xxx/CVE-2006-5488.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5488",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20643",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20643"
},
{
"name" : "29898",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29898"
},
{
"name" : "22489",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22489"
},
{
"name" : "xchangeboard-loginnick-sql-injection(29675)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29675"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29898",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29898"
},
{
"name": "xchangeboard-loginnick-sql-injection(29675)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29675"
},
{
"name": "22489",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22489"
},
{
"name": "20643",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20643"
}
]
}
}

190
2006/5xxx/CVE-2006-5782.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not require authentication before executing commands in the installation directory, which allows remote attackers to cause a denial of service (reboot) by calling radbootw.exe or create arbitrary files by calling radcrecv."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061108 TSRT-06-13: HP OpenView Client Configuration Manager Device Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450942/100/0/threaded"
},
{
"name" : "HPSBMA02167",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00795552"
},
{
"name" : "SSRT061262",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00795552"
},
{
"name" : "ADV-2006-4410",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4410"
},
{
"name" : "1017197",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017197"
},
{
"name" : "22780",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22780"
},
{
"name" : "1842",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1842"
},
{
"name" : "hp-openview-radianotify-dos(30138)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not require authentication before executing commands in the installation directory, which allows remote attackers to cause a denial of service (reboot) by calling radbootw.exe or create arbitrary files by calling radcrecv."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061108 TSRT-06-13: HP OpenView Client Configuration Manager Device Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450942/100/0/threaded"
},
{
"name": "22780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22780"
},
{
"name": "HPSBMA02167",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00795552"
},
{
"name": "1842",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1842"
},
{
"name": "ADV-2006-4410",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4410"
},
{
"name": "hp-openview-radianotify-dos(30138)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30138"
},
{
"name": "SSRT061262",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00795552"
},
{
"name": "1017197",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017197"
}
]
}
}

220
2010/0xxx/CVE-2010-0209.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0209",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-0209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-16.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-16.html"
},
{
"name" : "http://support.apple.com/kb/HT4435",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4435"
},
{
"name" : "APPLE-SA-2010-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name" : "GLSA-201101-09",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name" : "HPSBMA02592",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=128767780602751&w=2"
},
{
"name" : "SSRT100300",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=128767780602751&w=2"
},
{
"name" : "oval:org.mitre.oval:def:11461",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11461"
},
{
"name" : "oval:org.mitre.oval:def:16106",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16106"
},
{
"name" : "1024621",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024621"
},
{
"name" : "43026",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43026"
},
{
"name" : "ADV-2011-0192",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0192"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "HPSBMA02592",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128767780602751&w=2"
},
{
"name": "1024621",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024621"
},
{
"name": "43026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43026"
},
{
"name": "GLSA-201101-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "oval:org.mitre.oval:def:11461",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11461"
},
{
"name": "SSRT100300",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128767780602751&w=2"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-16.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html"
},
{
"name": "oval:org.mitre.oval:def:16106",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16106"
}
]
}
}

34
2010/0xxx/CVE-2010-0737.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0737",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0737",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2010/2xxx/CVE-2010-2086.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2086",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf",
"refsource" : "MISC",
"url" : "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
},
{
"name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt",
"refsource" : "MISC",
"url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
},
{
"name": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf",
"refsource": "MISC",
"url": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
}
]
}
}

150
2010/2xxx/CVE-2010-2900.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2900",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=43813",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=43813"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html"
},
{
"name" : "oval:org.mitre.oval:def:11818",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11818"
},
{
"name" : "40743",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40743"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11818",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11818"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=43813",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=43813"
},
{
"name": "40743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40743"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html"
}
]
}
}

150
2010/3xxx/CVE-2010-3188.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3188",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in search.aspx in BugTracker.NET 3.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via a custom field to the search page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100826 BugTracker.net 3.4.3 SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513385/100/0/threaded"
},
{
"name" : "http://sourceforge.net/projects/btnet/files/btnet_3_4_4_release_notes.txt/view",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/projects/btnet/files/btnet_3_4_4_release_notes.txt/view"
},
{
"name" : "41150",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41150"
},
{
"name" : "bugtrackernet-search-sql-injection(61434)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61434"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in search.aspx in BugTracker.NET 3.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via a custom field to the search page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bugtrackernet-search-sql-injection(61434)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61434"
},
{
"name": "20100826 BugTracker.net 3.4.3 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513385/100/0/threaded"
},
{
"name": "41150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41150"
},
{
"name": "http://sourceforge.net/projects/btnet/files/btnet_3_4_4_release_notes.txt/view",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/btnet/files/btnet_3_4_4_release_notes.txt/view"
}
]
}
}

140
2010/3xxx/CVE-2010-3398.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3398",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21445669",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21445669"
},
{
"name" : "43220",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43220"
},
{
"name" : "ADV-2010-2380",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2380"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43220"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21445669",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21445669"
},
{
"name": "ADV-2010-2380",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2380"
}
]
}
}

140
2010/3xxx/CVE-2010-3655.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3655",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-3655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-25.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
},
{
"name" : "oval:org.mitre.oval:def:12077",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12077"
},
{
"name" : "1024664",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024664"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024664",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024664"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-25.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
},
{
"name": "oval:org.mitre.oval:def:12077",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12077"
}
]
}
}

520
2010/3xxx/CVE-2010-3702.json
View File

@ -1,262 +1,262 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3702",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/10/04/6"
},
{
"name" : "http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf",
"refsource" : "MISC",
"url" : "http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf"
},
{
"name" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=595245",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=595245"
},
{
"name" : "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html",
"refsource" : "CONFIRM",
"url" : "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
},
{
"name" : "DSA-2119",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2119"
},
{
"name" : "DSA-2135",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2135"
},
{
"name" : "FEDORA-2010-15857",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
},
{
"name" : "FEDORA-2010-15911",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
},
{
"name" : "FEDORA-2010-15981",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
},
{
"name" : "FEDORA-2010-16662",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
},
{
"name" : "FEDORA-2010-16705",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
},
{
"name" : "FEDORA-2010-16744",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
},
{
"name" : "MDVSA-2010:228",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
},
{
"name" : "MDVSA-2010:229",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
},
{
"name" : "MDVSA-2010:230",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
},
{
"name" : "MDVSA-2010:231",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
},
{
"name" : "MDVSA-2012:144",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name" : "RHSA-2010:0749",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
},
{
"name" : "RHSA-2010:0750",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0750.html"
},
{
"name" : "RHSA-2010:0751",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
},
{
"name" : "RHSA-2010:0752",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
},
{
"name" : "RHSA-2010:0753",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
},
{
"name" : "RHSA-2010:0754",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0754.html"
},
{
"name" : "RHSA-2010:0755",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
},
{
"name" : "RHSA-2010:0859",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
},
{
"name" : "RHSA-2012:1201",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"name" : "SSA:2010-324-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720"
},
{
"name" : "SUSE-SR:2010:022",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"name" : "SUSE-SR:2010:023",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name" : "SUSE-SR:2010:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name" : "USN-1005-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1005-1"
},
{
"name" : "43845",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43845"
},
{
"name" : "42141",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42141"
},
{
"name" : "42397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42397"
},
{
"name" : "42357",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42357"
},
{
"name" : "42691",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42691"
},
{
"name" : "43079",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43079"
},
{
"name" : "ADV-2010-2897",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2897"
},
{
"name" : "ADV-2010-3097",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3097"
},
{
"name" : "ADV-2011-0230",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0230"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-16662",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
},
{
"name": "[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
},
{
"name": "FEDORA-2010-15857",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
},
{
"name": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf",
"refsource": "MISC",
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf"
},
{
"name": "RHSA-2010:0859",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
},
{
"name": "42357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42357"
},
{
"name": "MDVSA-2010:228",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
},
{
"name": "ADV-2011-0230",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"name": "RHSA-2010:0752",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
},
{
"name": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html",
"refsource": "CONFIRM",
"url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
},
{
"name": "SUSE-SR:2010:023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name": "MDVSA-2010:230",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
},
{
"name": "SUSE-SR:2010:022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"name": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
},
{
"name": "RHSA-2012:1201",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"name": "43845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43845"
},
{
"name": "MDVSA-2010:231",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
},
{
"name": "FEDORA-2010-16705",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
},
{
"name": "SSA:2010-324-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720"
},
{
"name": "RHSA-2010:0751",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
},
{
"name": "42397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42397"
},
{
"name": "42141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42141"
},
{
"name": "FEDORA-2010-15911",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
},
{
"name": "MDVSA-2012:144",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "ADV-2010-3097",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"name": "USN-1005-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1005-1"
},
{
"name": "RHSA-2010:0749",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
},
{
"name": "RHSA-2010:0754",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0754.html"
},
{
"name": "FEDORA-2010-15981",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
},
{
"name": "FEDORA-2010-16744",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=595245",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=595245"
},
{
"name": "ADV-2010-2897",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2897"
},
{
"name": "42691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42691"
},
{
"name": "DSA-2119",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2119"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "MDVSA-2010:229",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
},
{
"name": "DSA-2135",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2135"
},
{
"name": "RHSA-2010:0750",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0750.html"
},
{
"name": "RHSA-2010:0755",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
},
{
"name": "RHSA-2010:0753",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
},
{
"name": "43079",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43079"
}
]
}
}

240
2010/4xxx/CVE-2010-4254.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4254",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15974",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15974"
},
{
"name" : "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability",
"refsource" : "CONFIRM",
"url" : "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=654136",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=654136"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=655847",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=655847"
},
{
"name" : "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399",
"refsource" : "CONFIRM",
"url" : "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399"
},
{
"name" : "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358",
"refsource" : "CONFIRM",
"url" : "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358"
},
{
"name" : "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac",
"refsource" : "CONFIRM",
"url" : "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac"
},
{
"name" : "SUSE-SR:2011:001",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name" : "SUSE-SR:2010:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name" : "45051",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45051"
},
{
"name" : "42373",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42373"
},
{
"name" : "42877",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42877"
},
{
"name" : "ADV-2011-0076",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0076"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2011:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "42373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42373"
},
{
"name": "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability"
},
{
"name": "15974",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15974"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=655847",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=655847"
},
{
"name": "42877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42877"
},
{
"name": "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399"
},
{
"name": "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac"
},
{
"name": "45051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45051"
},
{
"name": "ADV-2011-0076",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=654136",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=654136"
}
]
}
}

240
2010/4xxx/CVE-2010-4348.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4348",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/15/4"
},
{
"name" : "[oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/16/1"
},
{
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php",
"refsource" : "MISC",
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php"
},
{
"name" : "http://www.mantisbt.org/bugs/changelog_page.php?version_id=112",
"refsource" : "CONFIRM",
"url" : "http://www.mantisbt.org/bugs/changelog_page.php?version_id=112"
},
{
"name" : "http://www.mantisbt.org/bugs/view.php?id=12607",
"refsource" : "CONFIRM",
"url" : "http://www.mantisbt.org/bugs/view.php?id=12607"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=663230",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=663230"
},
{
"name" : "http://www.mantisbt.org/blog/?p=123",
"refsource" : "CONFIRM",
"url" : "http://www.mantisbt.org/blog/?p=123"
},
{
"name" : "FEDORA-2010-19070",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html"
},
{
"name" : "FEDORA-2010-19078",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html"
},
{
"name" : "GLSA-201211-01",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201211-01.xml"
},
{
"name" : "42772",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42772"
},
{
"name" : "51199",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51199"
},
{
"name" : "ADV-2011-0002",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0002"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0002",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0002"
},
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php"
},
{
"name": "[oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/16/1"
},
{
"name": "GLSA-201211-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
},
{
"name": "http://www.mantisbt.org/blog/?p=123",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/blog/?p=123"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=12607",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=12607"
},
{
"name": "51199",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51199"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=663230",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=663230"
},
{
"name": "FEDORA-2010-19078",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html"
},
{
"name": "[oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/15/4"
},
{
"name": "42772",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42772"
},
{
"name": "FEDORA-2010-19070",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=112",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=112"
}
]
}
}

160
2010/4xxx/CVE-2010-4359.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4359",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15621",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15621"
},
{
"name" : "http://packetstormsecurity.org/files/view/96131/jurpopage-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/view/96131/jurpopage-sql.txt"
},
{
"name" : "45076",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45076"
},
{
"name" : "42387",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42387"
},
{
"name" : "ADV-2010-3071",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3071"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15621",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15621"
},
{
"name": "42387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42387"
},
{
"name": "http://packetstormsecurity.org/files/view/96131/jurpopage-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96131/jurpopage-sql.txt"
},
{
"name": "ADV-2010-3071",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3071"
},
{
"name": "45076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45076"
}
]
}
}

160
2010/4xxx/CVE-2010-4582.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4582",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/mac/1100/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/mac/1100/"
},
{
"name" : "http://www.opera.com/docs/changelogs/unix/1100/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/unix/1100/"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/1100/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1100/"
},
{
"name" : "SUSE-SR:2010:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name" : "42653",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42653"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42653",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42653"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1100/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1100/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1100/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1100/"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1100/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1100/"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
}
]
}
}

120
2014/0xxx/CVE-2014-0202.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0202",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2014:0559",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0559.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0559",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0559.html"
}
]
}
}

120
2014/10xxx/CVE-2014-10076.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-10076",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vapidlabs.com/advisory.php?v=81",
"refsource" : "MISC",
"url" : "http://www.vapidlabs.com/advisory.php?v=81"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=81",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=81"
}
]
}
}

140
2014/3xxx/CVE-2014-3617.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3617",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140915 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/09/15/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46619",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46619"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=269591",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=269591"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46619",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46619"
},
{
"name": "[oss-security] 20140915 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/09/15/1"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=269591",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=269591"
}
]
}
}

170
2014/4xxx/CVE-2014-4338.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4338",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-4338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"name" : "[oss-security] 20140619 Re: cups-browsed remote exploit",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/06/19/12"
},
{
"name" : "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204",
"refsource" : "CONFIRM",
"url" : "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204"
},
{
"name" : "RHSA-2014:1795",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name" : "68124",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68124"
},
{
"name" : "62044",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62044"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1795",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "68124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68124"
},
{
"name": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204",
"refsource": "CONFIRM",
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204"
},
{
"name": "62044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62044"
},
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
]
}
}

320
2014/8xxx/CVE-2014-8138.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ocert.org/advisories/ocert-2014-012.html",
"refsource" : "MISC",
"url" : "https://www.ocert.org/advisories/ocert-2014-012.html"
},
{
"name" : "http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0539.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0539.html"
},
{
"name" : "DSA-3106",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3106"
},
{
"name" : "MDVSA-2015:012",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:012"
},
{
"name" : "MDVSA-2015:159",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:159"
},
{
"name" : "RHSA-2014:2021",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-2021.html"
},
{
"name" : "RHSA-2015:0698",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0698.html"
},
{
"name" : "RHSA-2015:1713",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1713.html"
},
{
"name" : "SSA:2015-302-02",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606"
},
{
"name" : "openSUSE-SU-2015:0038",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html"
},
{
"name" : "openSUSE-SU-2015:0039",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html"
},
{
"name" : "openSUSE-SU-2015:0042",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html"
},
{
"name" : "USN-2483-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2483-1"
},
{
"name" : "USN-2483-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2483-2"
},
{
"name" : "71746",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71746"
},
{
"name" : "1033459",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033459"
},
{
"name" : "61747",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61747"
},
{
"name" : "62311",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62311"
},
{
"name" : "62615",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62615"
},
{
"name" : "62619",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62619"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2015:012",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:012"
},
{
"name": "DSA-3106",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3106"
},
{
"name": "62619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62619"
},
{
"name": "openSUSE-SU-2015:0038",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html"
},
{
"name": "openSUSE-SU-2015:0042",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html"
},
{
"name": "61747",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61747"
},
{
"name": "http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html"
},
{
"name": "USN-2483-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2483-2"
},
{
"name": "USN-2483-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2483-1"
},
{
"name": "https://www.ocert.org/advisories/ocert-2014-012.html",
"refsource": "MISC",
"url": "https://www.ocert.org/advisories/ocert-2014-012.html"
},
{
"name": "62615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62615"
},
{
"name": "1033459",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033459"
},
{
"name": "RHSA-2015:0698",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"
},
{
"name": "openSUSE-SU-2015:0039",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html"
},
{
"name": "62311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62311"
},
{
"name": "RHSA-2014:2021",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-2021.html"
},
{
"name": "71746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71746"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0539.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0539.html"
},
{
"name": "SSA:2015-302-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606"
},
{
"name": "MDVSA-2015:159",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:159"
},
{
"name": "RHSA-2015:1713",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1713.html"
}
]
}
}

120
2014/8xxx/CVE-2014-8449.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8449",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2014-8449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://helpx.adobe.com/security/products/reader/apsb14-28.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/reader/apsb14-28.html"
}
]
}
}

280
2014/8xxx/CVE-2014-8738.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141103 Re: Re: strings / libbfd crasher",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/02/4"
},
{
"name" : "[oss-security] 20141105 Re: Re: strings / libbfd crasher",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/05/7"
},
{
"name" : "[oss-security] 20141113 Re: strings / libbfd crasher",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/13/2"
},
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17533",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17533"
},
{
"name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "DSA-3123",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3123"
},
{
"name" : "FEDORA-2014-17586",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html"
},
{
"name" : "FEDORA-2014-17603",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html"
},
{
"name" : "FEDORA-2015-0471",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html"
},
{
"name" : "FEDORA-2015-0750",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148438.html"
},
{
"name" : "GLSA-201612-24",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-24"
},
{
"name" : "MDVSA-2015:029",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029"
},
{
"name" : "USN-2496-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2496-1"
},
{
"name" : "71083",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71083"
},
{
"name" : "62241",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62241"
},
{
"name" : "62746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62746"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62241"
},
{
"name": "[oss-security] 20141105 Re: Re: strings / libbfd crasher",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/05/7"
},
{
"name": "MDVSA-2015:029",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029"
},
{
"name": "FEDORA-2015-0750",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148438.html"
},
{
"name": "USN-2496-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2496-1"
},
{
"name": "[oss-security] 20141103 Re: Re: strings / libbfd crasher",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/02/4"
},
{
"name": "[oss-security] 20141113 Re: strings / libbfd crasher",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/13/2"
},
{
"name": "71083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71083"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "FEDORA-2014-17603",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html"
},
{
"name": "FEDORA-2015-0471",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html"
},
{
"name": "62746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62746"
},
{
"name": "FEDORA-2014-17586",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f",
"refsource": "CONFIRM",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17533",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17533"
},
{
"name": "DSA-3123",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3123"
},
{
"name": "GLSA-201612-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-24"
}
]
}
}

140
2014/9xxx/CVE-2014-9215.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9215",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email parameter in the forget page vector is already covered by CVE-2012-4034.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141204 CVE-2014-9215 - SQL Injection in PBBoard CMS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534149/100/0/threaded"
},
{
"name" : "http://www.itas.vn/news/ITAS-Team-discovered-SQL-Injection-in-PBBoard-CMS-68.html",
"refsource" : "MISC",
"url" : "http://www.itas.vn/news/ITAS-Team-discovered-SQL-Injection-in-PBBoard-CMS-68.html"
},
{
"name" : "https://www.youtube.com/watch?v=AQiGvH5xrJg",
"refsource" : "MISC",
"url" : "https://www.youtube.com/watch?v=AQiGvH5xrJg"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email parameter in the forget page vector is already covered by CVE-2012-4034.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141204 CVE-2014-9215 - SQL Injection in PBBoard CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534149/100/0/threaded"
},
{
"name": "https://www.youtube.com/watch?v=AQiGvH5xrJg",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=AQiGvH5xrJg"
},
{
"name": "http://www.itas.vn/news/ITAS-Team-discovered-SQL-Injection-in-PBBoard-CMS-68.html",
"refsource": "MISC",
"url": "http://www.itas.vn/news/ITAS-Team-discovered-SQL-Injection-in-PBBoard-CMS-68.html"
}
]
}
}

300
2014/9xxx/CVE-2014-9419.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141225 Re: CVE Request: Linux x86_64 userspace address leak",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/12/25/1"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f647d7c155f069c1a068030255c300663516420e",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f647d7c155f069c1a068030255c300663516420e"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1177260",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1177260"
},
{
"name" : "https://github.com/torvalds/linux/commit/f647d7c155f069c1a068030255c300663516420e",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/f647d7c155f069c1a068030255c300663516420e"
},
{
"name" : "DSA-3128",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3128"
},
{
"name" : "FEDORA-2015-0515",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html"
},
{
"name" : "FEDORA-2015-0517",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html"
},
{
"name" : "MDVSA-2015:058",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:058"
},
{
"name" : "RHSA-2015:1081",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1081.html"
},
{
"name" : "SUSE-SU-2015:0529",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"name" : "SUSE-SU-2015:0736",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
},
{
"name" : "openSUSE-SU-2015:0714",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html"
},
{
"name" : "USN-2515-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2515-1"
},
{
"name" : "USN-2516-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2516-1"
},
{
"name" : "USN-2517-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2517-1"
},
{
"name" : "USN-2518-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2518-1"
},
{
"name" : "USN-2541-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2541-1"
},
{
"name" : "USN-2542-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2542-1"
},
{
"name" : "71794",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71794"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-0517",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html"
},
{
"name": "USN-2515-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2515-1"
},
{
"name": "https://github.com/torvalds/linux/commit/f647d7c155f069c1a068030255c300663516420e",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/f647d7c155f069c1a068030255c300663516420e"
},
{
"name": "USN-2542-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2542-1"
},
{
"name": "SUSE-SU-2015:0736",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
},
{
"name": "USN-2541-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2541-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1177260",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1177260"
},
{
"name": "USN-2518-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2518-1"
},
{
"name": "MDVSA-2015:058",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:058"
},
{
"name": "FEDORA-2015-0515",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html"
},
{
"name": "71794",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71794"
},
{
"name": "SUSE-SU-2015:0529",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"name": "[oss-security] 20141225 Re: CVE Request: Linux x86_64 userspace address leak",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/25/1"
},
{
"name": "USN-2517-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2517-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f647d7c155f069c1a068030255c300663516420e",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f647d7c155f069c1a068030255c300663516420e"
},
{
"name": "openSUSE-SU-2015:0714",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html"
},
{
"name": "DSA-3128",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3128"
},
{
"name": "USN-2516-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2516-1"
},
{
"name": "RHSA-2015:1081",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1081.html"
}
]
}
}

34
2014/9xxx/CVE-2014-9538.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9538",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9538",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/9xxx/CVE-2014-9594.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/",
"refsource" : "MISC",
"url" : "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/"
},
{
"name" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/",
"refsource" : "MISC",
"url" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
},
{
"name" : "62150",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62150"
},
{
"name": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/"
},
{
"name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/",
"refsource": "MISC",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
}
]
}
}

34
2014/9xxx/CVE-2014-9856.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9856",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9856",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/9xxx/CVE-2014-9935.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2014-9935",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm Products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer Overflow to Buffer Overflow Vulnerability in TrustZone"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm Products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name" : "97329",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97329"
},
{
"name" : "1038201",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038201"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow to Buffer Overflow Vulnerability in TrustZone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name": "97329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97329"
},
{
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}
}

180
2016/2xxx/CVE-2016-2089.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2089",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160128 Re: invalid Read in the JasPer's jas_matrix_clip() function",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/01/28/6"
},
{
"name" : "[oss-security] 20160128 invalid Read in the JasPer's jas_matrix_clip() function",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/01/28/4"
},
{
"name" : "DSA-3508",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3508"
},
{
"name" : "RHSA-2017:1208",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name" : "openSUSE-SU-2016:0408",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00060.html"
},
{
"name" : "openSUSE-SU-2016:0413",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00063.html"
},
{
"name" : "83108",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/83108"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3508",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3508"
},
{
"name": "83108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83108"
},
{
"name": "[oss-security] 20160128 Re: invalid Read in the JasPer's jas_matrix_clip() function",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/28/6"
},
{
"name": "RHSA-2017:1208",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name": "[oss-security] 20160128 invalid Read in the JasPer's jas_matrix_clip() function",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/28/4"
},
{
"name": "openSUSE-SU-2016:0408",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00060.html"
},
{
"name": "openSUSE-SU-2016:0413",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00063.html"
}
]
}
}

130
2016/2xxx/CVE-2016-2297.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2297",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an \"access command shell-like feature.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160517 [ICS] Meteocontrol WEB'log Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an \"access command shell-like feature.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160517 [ICS] Meteocontrol WEB'log Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
]
}
}

34
2016/2xxx/CVE-2016-2701.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2701",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2701",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/3xxx/CVE-2016-3383.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3383",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-118",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118"
},
{
"name" : "93396",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93396"
},
{
"name" : "1036992",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036992"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-118",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118"
},
{
"name": "93396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93396"
},
{
"name": "1036992",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036992"
}
]
}
}

140
2016/3xxx/CVE-2016-3412.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3412",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource" : "CONFIRM",
"url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource" : "CONFIRM",
"url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name" : "95899",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95899"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95899"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}

130
2016/3xxx/CVE-2016-3434.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3434",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Logout."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name" : "1035603",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035603"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Logout."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "1035603",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035603"
}
]
}
}

120
2016/3xxx/CVE-2016-3753.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3753",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mediaserver in Android 4.x before 4.4.4 allows remote attackers to obtain sensitive information via unspecified vectors, aka internal bug 27210135."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mediaserver in Android 4.x before 4.4.4 allows remote attackers to obtain sensitive information via unspecified vectors, aka internal bug 27210135."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}

140
2016/6xxx/CVE-2016-6442.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-6442",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Finesse 11.0(1)",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Finesse 11.0(1)"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Finesse 11.0(1)",
"version": {
"version_data": [
{
"version_value": "Cisco Finesse 11.0(1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin"
},
{
"name" : "93519",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93519"
},
{
"name" : "1037004",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037004"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin"
},
{
"name": "93519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93519"
}
]
}
}

154
2016/6xxx/CVE-2016-6762.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-6762",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-5.0.2"
},
{
"version_value" : "Android-5.1.1"
},
{
"version_value" : "Android-6.0"
},
{
"version_value" : "Android-6.0.1"
},
{
"version_value" : "Android-7.0"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31251826."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-5.0.2"
},
{
"version_value": "Android-5.1.1"
},
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
},
{
"version_value": "Android-7.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name" : "94700",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94700"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31251826."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name": "94700",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94700"
}
]
}
}

200
2016/7xxx/CVE-2016-7152.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7152",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a \"HEIST\" attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/",
"refsource" : "MISC",
"url" : "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"
},
{
"name" : "https://tom.vg/papers/heist_blackhat2016.pdf",
"refsource" : "MISC",
"url" : "https://tom.vg/papers/heist_blackhat2016.pdf"
},
{
"name" : "92769",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92769"
},
{
"name" : "1036744",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036744"
},
{
"name" : "1036741",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036741"
},
{
"name" : "1036742",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036742"
},
{
"name" : "1036743",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036743"
},
{
"name" : "1036745",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036745"
},
{
"name" : "1036746",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036746"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a \"HEIST\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036741",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036741"
},
{
"name": "1036742",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036742"
},
{
"name": "92769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92769"
},
{
"name": "https://tom.vg/papers/heist_blackhat2016.pdf",
"refsource": "MISC",
"url": "https://tom.vg/papers/heist_blackhat2016.pdf"
},
{
"name": "1036745",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036745"
},
{
"name": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/",
"refsource": "MISC",
"url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"
},
{
"name": "1036744",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036744"
},
{
"name": "1036743",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036743"
},
{
"name": "1036746",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036746"
}
]
}
}

180
2016/7xxx/CVE-2016-7202.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7202",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" as demonstrated by the Chakra JavaScript engine, a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40786",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40786/"
},
{
"name" : "40793",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40793/"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-593",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-593"
},
{
"name" : "MS16-129",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129"
},
{
"name" : "MS16-144",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144"
},
{
"name" : "94042",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94042"
},
{
"name" : "1037245",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037245"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" as demonstrated by the Chakra JavaScript engine, a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40793",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40793/"
},
{
"name": "MS16-129",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129"
},
{
"name": "MS16-144",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144"
},
{
"name": "40786",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40786/"
},
{
"name": "94042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94042"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-593",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-593"
},
{
"name": "1037245",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037245"
}
]
}
}

34
2016/7xxx/CVE-2016-7748.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7748",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7748",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/7xxx/CVE-2016-7901.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7901",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7901",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}