admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:35:42 +00:00
parent 6bb090612f
commit 739f584257
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
49 changed files with 3788 additions and 3788 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2006/0xxx/CVE-2006-0182.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0182",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to \"inside\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060112 [eVuln] ACal Authentication Bypass & PHP Code Insertion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421744/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/25/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/25/summary.html"
},
{
"name" : "ADV-2006-0152",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0152"
},
{
"name" : "22344",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22344"
},
{
"name" : "18432",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18432"
},
{
"name" : "343",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/343"
},
{
"name" : "acal-login-auth-bypass(24104)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24104"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to \"inside\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "343",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/343"
},
{
"name": "http://evuln.com/vulns/25/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/25/summary.html"
},
{
"name": "ADV-2006-0152",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0152"
},
{
"name": "18432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18432"
},
{
"name": "acal-login-auth-bypass(24104)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24104"
},
{
"name": "20060112 [eVuln] ACal Authentication Bypass & PHP Code Insertion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421744/100/0/threaded"
},
{
"name": "22344",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22344"
}
]
}
}

220
2006/0xxx/CVE-2006-0324.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0324",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060119 [eVuln] WebspotBlogging Authentication Bypass Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422364/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/41/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/41/summary.html"
},
{
"name" : "https://sourceforge.net/forum/forum.php?forum_id=532233",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/forum/forum.php?forum_id=532233"
},
{
"name" : "https://sourceforge.net/project/shownotes.php?release_id=387180&group_id=156586",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/project/shownotes.php?release_id=387180&group_id=156586"
},
{
"name" : "16319",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16319"
},
{
"name" : "ADV-2006-0268",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0268"
},
{
"name" : "22670",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22670"
},
{
"name" : "1015522",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015522"
},
{
"name" : "18560",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18560"
},
{
"name" : "356",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/356"
},
{
"name" : "webspotblogging-login-sql-injection(24222)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24222"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18560",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18560"
},
{
"name": "webspotblogging-login-sql-injection(24222)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24222"
},
{
"name": "https://sourceforge.net/project/shownotes.php?release_id=387180&group_id=156586",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/project/shownotes.php?release_id=387180&group_id=156586"
},
{
"name": "1015522",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015522"
},
{
"name": "https://sourceforge.net/forum/forum.php?forum_id=532233",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/forum/forum.php?forum_id=532233"
},
{
"name": "20060119 [eVuln] WebspotBlogging Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422364/100/0/threaded"
},
{
"name": "ADV-2006-0268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0268"
},
{
"name": "16319",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16319"
},
{
"name": "22670",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22670"
},
{
"name": "356",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/356"
},
{
"name": "http://evuln.com/vulns/41/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/41/summary.html"
}
]
}
}

150
2006/0xxx/CVE-2006-0576.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0576",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060207 Arbitrary code execution via OProfile",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/424325/100/0/threaded"
},
{
"name" : "http://www.redhat.com/magazine/012oct05/features/oprofile/",
"refsource" : "MISC",
"url" : "http://www.redhat.com/magazine/012oct05/features/oprofile/"
},
{
"name" : "16536",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16536"
},
{
"name" : "oval:org.mitre.oval:def:10890",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10890"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060207 Arbitrary code execution via OProfile",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424325/100/0/threaded"
},
{
"name": "http://www.redhat.com/magazine/012oct05/features/oprofile/",
"refsource": "MISC",
"url": "http://www.redhat.com/magazine/012oct05/features/oprofile/"
},
{
"name": "oval:org.mitre.oval:def:10890",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10890"
},
{
"name": "16536",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16536"
}
]
}
}

190
2006/1xxx/CVE-2006-1276.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060322 [eVuln] PHP SimpleNEWS, PHP SimpleNEWS MySQL - Authentication Bypass Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/428427"
},
{
"name" : "http://evuln.com/vulns/94/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/94/summary.html"
},
{
"name" : "17186",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17186"
},
{
"name" : "ADV-2006-0913",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0913"
},
{
"name" : "23803",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23803"
},
{
"name" : "19195",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19195"
},
{
"name" : "613",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/613"
},
{
"name" : "simplenews-admin-bypass-security(25177)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25177"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "simplenews-admin-bypass-security(25177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25177"
},
{
"name": "17186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17186"
},
{
"name": "613",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/613"
},
{
"name": "20060322 [eVuln] PHP SimpleNEWS, PHP SimpleNEWS MySQL - Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428427"
},
{
"name": "http://evuln.com/vulns/94/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/94/summary.html"
},
{
"name": "23803",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23803"
},
{
"name": "ADV-2006-0913",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0913"
},
{
"name": "19195",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19195"
}
]
}
}

150
2006/1xxx/CVE-2006-1644.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-1244",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1244"
},
{
"name" : "24388",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24388"
},
{
"name" : "19488",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19488"
},
{
"name" : "interact-login-error-info-disclosure(25651)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25651"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19488"
},
{
"name": "ADV-2006-1244",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1244"
},
{
"name": "24388",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24388"
},
{
"name": "interact-login-error-info-disclosure(25651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25651"
}
]
}
}

180
2006/1xxx/CVE-2006-1967.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1967",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KCScripts Calendar, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/04/portal-pack-6-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/04/portal-pack-6-xss-vuln.html"
},
{
"name" : "17628",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17628"
},
{
"name" : "ADV-2006-1440",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1440"
},
{
"name" : "24761",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24761"
},
{
"name" : "19695",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19695"
},
{
"name" : "503",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/503"
},
{
"name" : "portalpack-multiple-xss(25940)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25940"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KCScripts Calendar, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "portalpack-multiple-xss(25940)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25940"
},
{
"name": "ADV-2006-1440",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1440"
},
{
"name": "503",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/503"
},
{
"name": "19695",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19695"
},
{
"name": "17628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17628"
},
{
"name": "24761",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24761"
},
{
"name": "http://pridels0.blogspot.com/2006/04/portal-pack-6-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/portal-pack-6-xss-vuln.html"
}
]
}
}

160
2006/4xxx/CVE-2006-4766.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4766",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read arbitrary files via a .. (dot dot) in the ide parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060912 Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445818/100/0/threaded"
},
{
"name" : "ADV-2006-3558",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3558"
},
{
"name" : "28811",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28811"
},
{
"name" : "21826",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21826"
},
{
"name" : "1574",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1574"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read arbitrary files via a .. (dot dot) in the ide parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060912 Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445818/100/0/threaded"
},
{
"name": "1574",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1574"
},
{
"name": "28811",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28811"
},
{
"name": "21826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21826"
},
{
"name": "ADV-2006-3558",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3558"
}
]
}
}

330
2006/4xxx/CVE-2006-4800.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4800",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=133520",
"refsource" : "MISC",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=133520"
},
{
"name" : "DSA-1215",
"refsource" : "DEBIAN",
"url" : "http://www.us.debian.org/security/2006/dsa-1215"
},
{
"name" : "GLSA-200609-09",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200609-09.xml"
},
{
"name" : "MDKSA-2006:173",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:173"
},
{
"name" : "MDKSA-2006:174",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:174"
},
{
"name" : "MDKSA-2006:175",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:175"
},
{
"name" : "MDKSA-2006:176",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:176"
},
{
"name" : "SUSE-SA:2006:073",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"name" : "USN-358-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-358-1"
},
{
"name" : "20009",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20009"
},
{
"name" : "21921",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21921"
},
{
"name" : "22180",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22180"
},
{
"name" : "22181",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22181"
},
{
"name" : "22182",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22182"
},
{
"name" : "22198",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22198"
},
{
"name" : "22200",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22200"
},
{
"name" : "22201",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22201"
},
{
"name" : "22202",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22202"
},
{
"name" : "22203",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22203"
},
{
"name" : "22230",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22230"
},
{
"name" : "23010",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23010"
},
{
"name" : "23213",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23213"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2006:174",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:174"
},
{
"name": "22181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22181"
},
{
"name": "SUSE-SA:2006:073",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"name": "22230",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22230"
},
{
"name": "22201",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22201"
},
{
"name": "20009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20009"
},
{
"name": "23010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23010"
},
{
"name": "USN-358-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-358-1"
},
{
"name": "23213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23213"
},
{
"name": "22200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22200"
},
{
"name": "22198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22198"
},
{
"name": "MDKSA-2006:173",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:173"
},
{
"name": "21921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21921"
},
{
"name": "MDKSA-2006:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:176"
},
{
"name": "DSA-1215",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2006/dsa-1215"
},
{
"name": "22182",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22182"
},
{
"name": "MDKSA-2006:175",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:175"
},
{
"name": "22180",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22180"
},
{
"name": "22203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22203"
},
{
"name": "22202",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22202"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=133520",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=133520"
},
{
"name": "GLSA-200609-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-09.xml"
}
]
}
}

150
2006/4xxx/CVE-2006-4801.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.netragard.com/pdfs/research/ROXIO_RACE_NETRAGARD-20060624.txt",
"refsource" : "MISC",
"url" : "http://www.netragard.com/pdfs/research/ROXIO_RACE_NETRAGARD-20060624.txt"
},
{
"name" : "19955",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19955"
},
{
"name" : "ADV-2006-3608",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3608"
},
{
"name" : "21867",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21867"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19955",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19955"
},
{
"name": "21867",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21867"
},
{
"name": "http://www.netragard.com/pdfs/research/ROXIO_RACE_NETRAGARD-20060624.txt",
"refsource": "MISC",
"url": "http://www.netragard.com/pdfs/research/ROXIO_RACE_NETRAGARD-20060624.txt"
},
{
"name": "ADV-2006-3608",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3608"
}
]
}
}

140
2006/4xxx/CVE-2006-4886.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060915 McAfee VirusScan Enterprise - disabling the client side \"On-Access Scan\"",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446220/100/0/threaded"
},
{
"name" : "1605",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1605"
},
{
"name" : "mcafee-virusscan-onaccess-security-bypass(28971)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28971"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1605",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1605"
},
{
"name": "20060915 McAfee VirusScan Enterprise - disabling the client side \"On-Access Scan\"",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446220/100/0/threaded"
},
{
"name": "mcafee-virusscan-onaccess-security-bypass(28971)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28971"
}
]
}
}

170
2006/5xxx/CVE-2006-5085.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5085",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060927 Blog Pixel Motion V2.1.1 PHP Code Execution / Create Admin Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447167/100/0/threaded"
},
{
"name" : "http://acid-root.new.fr/poc/12060927.txt",
"refsource" : "MISC",
"url" : "http://acid-root.new.fr/poc/12060927.txt"
},
{
"name" : "20235",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20235"
},
{
"name" : "22163",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22163"
},
{
"name" : "1653",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1653"
},
{
"name" : "blog-pixel-motion-config-code-execution(29217)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29217"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22163",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22163"
},
{
"name": "blog-pixel-motion-config-code-execution(29217)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29217"
},
{
"name": "20235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20235"
},
{
"name": "20060927 Blog Pixel Motion V2.1.1 PHP Code Execution / Create Admin Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447167/100/0/threaded"
},
{
"name": "http://acid-root.new.fr/poc/12060927.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/poc/12060927.txt"
},
{
"name": "1653",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1653"
}
]
}
}

160
2006/5xxx/CVE-2006-5406.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Passgo Defender 5.2 creates the application directory with insecure permissions (Everyone/Full Control), which allows local users to read and modify sensitive files. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20600",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20600"
},
{
"name" : "ADV-2006-4091",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4091"
},
{
"name" : "29789",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29789"
},
{
"name" : "22271",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22271"
},
{
"name" : "defender-directory-insecure-permission(29657)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29657"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Passgo Defender 5.2 creates the application directory with insecure permissions (Everyone/Full Control), which allows local users to read and modify sensitive files. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29789",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29789"
},
{
"name": "22271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22271"
},
{
"name": "defender-directory-insecure-permission(29657)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29657"
},
{
"name": "ADV-2006-4091",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4091"
},
{
"name": "20600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20600"
}
]
}
}

140
2010/0xxx/CVE-2010-0786.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0786",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incorrectly encoded data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
},
{
"name" : "PM13777",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM13777"
},
{
"name" : "was-jaxws-dos(62950)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62950"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incorrectly encoded data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "was-jaxws-dos(62950)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62950"
},
{
"name": "PM13777",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM13777"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
}
]
}
}

140
2010/0xxx/CVE-2010-0877.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0877",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-0877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
},
{
"name" : "TA10-103B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
},
{
"name" : "opejee-peopletools-unspecified-var1(57736)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57736"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-103B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
},
{
"name": "opejee-peopletools-unspecified-var1(57736)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57736"
}
]
}
}

160
2010/2xxx/CVE-2010-2210.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2210",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2211, and CVE-2010-2212."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name" : "41242",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41242"
},
{
"name" : "oval:org.mitre.oval:def:6929",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6929"
},
{
"name" : "1024159",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024159"
},
{
"name" : "ADV-2010-1636",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1636"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2211, and CVE-2010-2212."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1636",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1636"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name": "1024159",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024159"
},
{
"name": "41242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41242"
},
{
"name": "oval:org.mitre.oval:def:6929",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6929"
}
]
}
}

200
2010/2xxx/CVE-2010-2278.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the \"force SSL\" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21431472",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
},
{
"name" : "LO47429",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO47429"
},
{
"name" : "LO47496",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO47496"
},
{
"name" : "LO47501",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO47501"
},
{
"name" : "LO47610",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO47610"
},
{
"name" : "LO47642",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO47642"
},
{
"name" : "LO47669",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO47669"
},
{
"name" : "40007",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40007"
},
{
"name" : "ADV-2010-1281",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1281"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the \"force SSL\" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1281",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1281"
},
{
"name": "LO47496",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO47496"
},
{
"name": "LO47642",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO47642"
},
{
"name": "LO47669",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO47669"
},
{
"name": "LO47610",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO47610"
},
{
"name": "LO47501",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO47501"
},
{
"name": "40007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40007"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
},
{
"name": "LO47429",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO47429"
}
]
}
}

34
2010/2xxx/CVE-2010-2446.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2446",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2446",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2010/2xxx/CVE-2010-2609.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2609",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "13978",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/13978"
},
{
"name" : "http://packetstormsecurity.org/1006-exploits/jobsearchengine-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1006-exploits/jobsearchengine-sql.txt"
},
{
"name" : "41018",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41018"
},
{
"name" : "65665",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/65665"
},
{
"name" : "40290",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40290"
},
{
"name" : "ADV-2010-1581",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1581"
},
{
"name" : "jobsearchengine-keyword-sql-injection(59628)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59628"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41018",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41018"
},
{
"name": "jobsearchengine-keyword-sql-injection(59628)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59628"
},
{
"name": "13978",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13978"
},
{
"name": "65665",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65665"
},
{
"name": "40290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40290"
},
{
"name": "http://packetstormsecurity.org/1006-exploits/jobsearchengine-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-exploits/jobsearchengine-sql.txt"
},
{
"name": "ADV-2010-1581",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1581"
}
]
}
}

200
2010/2xxx/CVE-2010-2860.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2860",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The EMC Celerra Network Attached Storage (NAS) appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote attackers to read, create, or modify arbitrary files in the user data directory via NFS requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100803 TWSL2010-003: Unauthorized access to root NFS export on EMC Celerra NAS appliance",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512823/100/0/threaded"
},
{
"name" : "20100908 ESA-2010-015: EMC Celerra NFS authentication bypass vulnerability using IP spoofing.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513564/100/0/threaded"
},
{
"name" : "14536",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14536"
},
{
"name" : "20100802 TWSL2010-003: Unauthorized access to root NFS export on EMC Celerra NAS appliance",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0018.html"
},
{
"name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-003.txt",
"refsource" : "MISC",
"url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-003.txt"
},
{
"name" : "42134",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42134"
},
{
"name" : "1024271",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024271"
},
{
"name" : "ADV-2010-2337",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2337"
},
{
"name" : "celerra-ipaddress-unauth-access(60885)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60885"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EMC Celerra Network Attached Storage (NAS) appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote attackers to read, create, or modify arbitrary files in the user data directory via NFS requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-003.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-003.txt"
},
{
"name": "1024271",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024271"
},
{
"name": "ADV-2010-2337",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2337"
},
{
"name": "20100803 TWSL2010-003: Unauthorized access to root NFS export on EMC Celerra NAS appliance",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512823/100/0/threaded"
},
{
"name": "20100802 TWSL2010-003: Unauthorized access to root NFS export on EMC Celerra NAS appliance",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0018.html"
},
{
"name": "14536",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14536"
},
{
"name": "celerra-ipaddress-unauth-access(60885)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60885"
},
{
"name": "42134",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42134"
},
{
"name": "20100908 ESA-2010-015: EMC Celerra NFS authentication bypass vulnerability using IP spoofing.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513564/100/0/threaded"
}
]
}
}

220
2010/2xxx/CVE-2010-2951.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2951",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100824 CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/08/24/6"
},
{
"name" : "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/08/24/7"
},
{
"name" : "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/08/25/2"
},
{
"name" : "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/08/25/6"
},
{
"name" : "[squid-users] 20100824 Squid 3.1.7 is available",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=squid-users&m=128263555724981&w=2"
},
{
"name" : "http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072",
"refsource" : "CONFIRM",
"url" : "http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=334263",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=334263"
},
{
"name" : "http://bugs.squid-cache.org/show_bug.cgi?id=3009",
"refsource" : "CONFIRM",
"url" : "http://bugs.squid-cache.org/show_bug.cgi?id=3009"
},
{
"name" : "http://bugs.squid-cache.org/show_bug.cgi?id=3021",
"refsource" : "CONFIRM",
"url" : "http://bugs.squid-cache.org/show_bug.cgi?id=3021"
},
{
"name" : "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=626927",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=626927"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/25/6"
},
{
"name": "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/24/7"
},
{
"name": "http://bugs.squid-cache.org/show_bug.cgi?id=3009",
"refsource": "CONFIRM",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=3009"
},
{
"name": "[squid-users] 20100824 Squid 3.1.7 is available",
"refsource": "MLIST",
"url": "http://marc.info/?l=squid-users&m=128263555724981&w=2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=626927",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=626927"
},
{
"name": "http://bugs.squid-cache.org/show_bug.cgi?id=3021",
"refsource": "CONFIRM",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=3021"
},
{
"name": "http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072",
"refsource": "CONFIRM",
"url": "http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=334263",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=334263"
},
{
"name": "[oss-security] 20100824 CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/24/6"
},
{
"name": "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/25/2"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch"
}
]
}
}

390
2010/3xxx/CVE-2010-3554.json
View File

@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3554",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to \"permissions granted to certain system objects.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100114315",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100114315"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100114327",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100114327"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=639880",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=639880"
},
{
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100123193",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100123193"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "FEDORA-2010-16240",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
},
{
"name" : "FEDORA-2010-16294",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
},
{
"name" : "FEDORA-2010-16312",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "HPSBUX02608",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748"
},
{
"name" : "SSRT100333",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "RHSA-2010:0770",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
},
{
"name" : "RHSA-2010:0768",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
},
{
"name" : "RHSA-2010:0865",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
},
{
"name" : "SUSE-SR:2010:019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name" : "USN-1010-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1010-1"
},
{
"name" : "43994",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43994"
},
{
"name" : "oval:org.mitre.oval:def:12189",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12189"
},
{
"name" : "oval:org.mitre.oval:def:12449",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12449"
},
{
"name" : "41972",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41972"
},
{
"name" : "42377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42377"
},
{
"name" : "42974",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42974"
},
{
"name" : "ADV-2010-3086",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3086"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to \"permissions granted to certain system objects.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.avaya.com/css/P8/documents/100114327",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100114327"
},
{
"name": "RHSA-2010:0865",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100114315",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100114315"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "RHSA-2010:0770",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
},
{
"name": "SSRT100333",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748"
},
{
"name": "RHSA-2010:0768",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
},
{
"name": "FEDORA-2010-16240",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
},
{
"name": "oval:org.mitre.oval:def:12189",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12189"
},
{
"name": "USN-1010-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1010-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=639880",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=639880"
},
{
"name": "oval:org.mitre.oval:def:12449",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12449"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
},
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "42974",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42974"
},
{
"name": "41972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41972"
},
{
"name": "ADV-2010-3086",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3086"
},
{
"name": "HPSBUX02608",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748"
},
{
"name": "http://support.avaya.com/css/P8/documents/100123193",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100123193"
},
{
"name": "42377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42377"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "43994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43994"
},
{
"name": "FEDORA-2010-16312",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
},
{
"name": "FEDORA-2010-16294",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
}
]
}
}

180
2010/3xxx/CVE-2010-3603.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3603",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15018",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15018"
},
{
"name" : "http://packetstormsecurity.org/1009-advisories/moaub16-mojoportal.pdf",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1009-advisories/moaub16-mojoportal.pdf"
},
{
"name" : "http://packetstormsecurity.org/1009-exploits/moaub-mojoportal.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1009-exploits/moaub-mojoportal.txt"
},
{
"name" : "http://www.mojoportal.com/mojoportal-2352-released.aspx",
"refsource" : "CONFIRM",
"url" : "http://www.mojoportal.com/mojoportal-2352-released.aspx"
},
{
"name" : "68060",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/68060"
},
{
"name" : "41481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41481"
},
{
"name" : "mojoportal-fileservice-csrf(61834)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61834"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41481"
},
{
"name": "http://packetstormsecurity.org/1009-advisories/moaub16-mojoportal.pdf",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-advisories/moaub16-mojoportal.pdf"
},
{
"name": "mojoportal-fileservice-csrf(61834)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61834"
},
{
"name": "http://packetstormsecurity.org/1009-exploits/moaub-mojoportal.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/moaub-mojoportal.txt"
},
{
"name": "68060",
"refsource": "OSVDB",
"url": "http://osvdb.org/68060"
},
{
"name": "15018",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15018"
},
{
"name": "http://www.mojoportal.com/mojoportal-2352-released.aspx",
"refsource": "CONFIRM",
"url": "http://www.mojoportal.com/mojoportal-2352-released.aspx"
}
]
}
}

330
2010/4xxx/CVE-2010-4091.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4091",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-4091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15419",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15419"
},
{
"name" : "20101103 [0dayz] Acrobat Reader Memory Corruption Remote Arbitrary Code Execution",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html"
},
{
"name" : "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html",
"refsource" : "MISC",
"url" : "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html"
},
{
"name" : "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html",
"refsource" : "MISC",
"url" : "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-28.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
},
{
"name" : "GLSA-201101-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name" : "RHSA-2010:0934",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
},
{
"name" : "SUSE-SA:2010:058",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
},
{
"name" : "44638",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44638"
},
{
"name" : "69005",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69005"
},
{
"name" : "oval:org.mitre.oval:def:12527",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527"
},
{
"name" : "1024684",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024684"
},
{
"name" : "1025033",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025033"
},
{
"name" : "42095",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42095"
},
{
"name" : "42401",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42401"
},
{
"name" : "43025",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43025"
},
{
"name" : "ADV-2010-2890",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2890"
},
{
"name" : "ADV-2010-3111",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3111"
},
{
"name" : "ADV-2011-0191",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0191"
},
{
"name" : "ADV-2011-0337",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name" : "adobe-reader-pdf-file-ce(62996)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62996"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42095"
},
{
"name": "69005",
"refsource": "OSVDB",
"url": "http://osvdb.org/69005"
},
{
"name": "ADV-2011-0191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0191"
},
{
"name": "43025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43025"
},
{
"name": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html",
"refsource": "MISC",
"url": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html"
},
{
"name": "ADV-2010-3111",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3111"
},
{
"name": "ADV-2010-2890",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2890"
},
{
"name": "GLSA-201101-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name": "44638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44638"
},
{
"name": "RHSA-2010:0934",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
},
{
"name": "20101103 [0dayz] Acrobat Reader Memory Corruption Remote Arbitrary Code Execution",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html"
},
{
"name": "ADV-2011-0337",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name": "1025033",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025033"
},
{
"name": "42401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42401"
},
{
"name": "1024684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024684"
},
{
"name": "oval:org.mitre.oval:def:12527",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527"
},
{
"name": "15419",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15419"
},
{
"name": "adobe-reader-pdf-file-ce(62996)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62996"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-28.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
},
{
"name": "SUSE-SA:2010:058",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
},
{
"name": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html",
"refsource": "MISC",
"url": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html"
}
]
}
}

170
2010/4xxx/CVE-2010-4272.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4272",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15367",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15367"
},
{
"name" : "http://packetstormsecurity.org/1011-exploits/joomlasponsorwall-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1011-exploits/joomlasponsorwall-sql.txt"
},
{
"name" : "44571",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44571"
},
{
"name" : "68956",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/68956"
},
{
"name" : "42072",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42072"
},
{
"name" : "sponsorwall-index-sql-injection(62915)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62915"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68956",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/68956"
},
{
"name": "42072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42072"
},
{
"name": "44571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44571"
},
{
"name": "sponsorwall-index-sql-injection(62915)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62915"
},
{
"name": "http://packetstormsecurity.org/1011-exploits/joomlasponsorwall-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1011-exploits/joomlasponsorwall-sql.txt"
},
{
"name": "15367",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15367"
}
]
}
}

150
2010/4xxx/CVE-2010-4386.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4386",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted RealMedia video file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101210 RealNetworks RealPlayer Memory Corruption Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=883"
},
{
"name" : "http://service.real.com/realplayer/security/12102010_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/12102010_player/en/"
},
{
"name" : "RHSA-2010:0981",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0981.html"
},
{
"name" : "1024861",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024861"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted RealMedia video file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0981",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0981.html"
},
{
"name": "20101210 RealNetworks RealPlayer Memory Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=883"
},
{
"name": "1024861",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024861"
},
{
"name": "http://service.real.com/realplayer/security/12102010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/12102010_player/en/"
}
]
}
}

140
2010/4xxx/CVE-2010-4591.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27020327",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27020327"
},
{
"name" : "IZ74393",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ74393"
},
{
"name" : "42703",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42703"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42703"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27020327",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27020327"
},
{
"name": "IZ74393",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ74393"
}
]
}
}

150
2011/5xxx/CVE-2011-5169.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111002 SonicWall Viewpoint v6.0 SP2 - SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/519983/100/0/threaded"
},
{
"name" : "http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=RN&id=379",
"refsource" : "MISC",
"url" : "http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=RN&id=379"
},
{
"name" : "http://www.vulnerability-lab.com/get_content.php?id=196",
"refsource" : "MISC",
"url" : "http://www.vulnerability-lab.com/get_content.php?id=196"
},
{
"name" : "49906",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49906"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=196",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=196"
},
{
"name": "20111002 SonicWall Viewpoint v6.0 SP2 - SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519983/100/0/threaded"
},
{
"name": "49906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49906"
},
{
"name": "http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=RN&id=379",
"refsource": "MISC",
"url": "http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=RN&id=379"
}
]
}
}

160
2011/5xxx/CVE-2011-5235.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5235",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote attackers to execute arbitrary SQL commands via the hostname in a hypertext link."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mnogosearch.org/doc33/msearch-changelog.html#changelog-3-3-12",
"refsource" : "CONFIRM",
"url" : "http://www.mnogosearch.org/doc33/msearch-changelog.html#changelog-3-3-12"
},
{
"name" : "51113",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51113"
},
{
"name" : "77949",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/77949"
},
{
"name" : "47272",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47272"
},
{
"name" : "mnogosearch-hostnames-sql-injection(71884)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71884"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote attackers to execute arbitrary SQL commands via the hostname in a hypertext link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mnogosearch-hostnames-sql-injection(71884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71884"
},
{
"name": "77949",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77949"
},
{
"name": "47272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47272"
},
{
"name": "http://www.mnogosearch.org/doc33/msearch-changelog.html#changelog-3-3-12",
"refsource": "CONFIRM",
"url": "http://www.mnogosearch.org/doc33/msearch-changelog.html#changelog-3-3-12"
},
{
"name": "51113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51113"
}
]
}
}

190
2014/3xxx/CVE-2014-3178.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3178",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of render-tree inconsistencies."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-3178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_9.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_9.html"
},
{
"name" : "https://crbug.com/401362",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/401362"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=180539&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=180539&view=revision"
},
{
"name" : "DSA-3039",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3039"
},
{
"name" : "GLSA-201409-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201409-06.xml"
},
{
"name" : "69709",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69709"
},
{
"name" : "61446",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61446"
},
{
"name" : "google-chrome-cve20143178-code-exec(95815)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95815"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of render-tree inconsistencies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201409-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201409-06.xml"
},
{
"name": "https://crbug.com/401362",
"refsource": "CONFIRM",
"url": "https://crbug.com/401362"
},
{
"name": "google-chrome-cve20143178-code-exec(95815)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95815"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=180539&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=180539&view=revision"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_9.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_9.html"
},
{
"name": "61446",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61446"
},
{
"name": "DSA-3039",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3039"
},
{
"name": "69709",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69709"
}
]
}
}

34
2014/3xxx/CVE-2014-3212.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3212",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3212",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2014/3xxx/CVE-2014-3730.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by \"http:\\\\\\djangoproject.com.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-3730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140514 CVE Reuest: Django: Malformed URLs from user input incorrectly validated",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/14/10"
},
{
"name" : "[oss-security] 20140514 Re: CVE Reuest: Django: Malformed URLs from user input incorrectly validated",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/15/3"
},
{
"name" : "https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/",
"refsource" : "CONFIRM",
"url" : "https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/"
},
{
"name" : "DSA-2934",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2934"
},
{
"name" : "openSUSE-SU-2014:1132",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html"
},
{
"name" : "USN-2212-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-2212-1"
},
{
"name" : "67410",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67410"
},
{
"name" : "61281",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61281"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by \"http:\\\\\\djangoproject.com.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61281",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61281"
},
{
"name": "DSA-2934",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2934"
},
{
"name": "USN-2212-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2212-1"
},
{
"name": "67410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67410"
},
{
"name": "openSUSE-SU-2014:1132",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html"
},
{
"name": "[oss-security] 20140514 Re: CVE Reuest: Django: Malformed URLs from user input incorrectly validated",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/3"
},
{
"name": "https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/",
"refsource": "CONFIRM",
"url": "https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/"
},
{
"name": "[oss-security] 20140514 CVE Reuest: Django: Malformed URLs from user input incorrectly validated",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/10"
}
]
}
}

150
2014/3xxx/CVE-2014-3948.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3948",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/06/03/3"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-007",
"refsource" : "MISC",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-007"
},
{
"name" : "http://typo3.org/extensions/repository/view/powermail",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/powermail"
},
{
"name" : "58909",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58909"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/powermail",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/powermail"
},
{
"name": "58909",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58909"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-007",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-007"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/3"
}
]
}
}

130
2014/4xxx/CVE-2014-4847.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4847",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parameter in an update action to wp-admin/options.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/127292/WordPress-Random-Banner-1.1.2.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127292/WordPress-Random-Banner-1.1.2.1-Cross-Site-Scripting.html"
},
{
"name" : "68280",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68280"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parameter in an update action to wp-admin/options.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127292/WordPress-Random-Banner-1.1.2.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127292/WordPress-Random-Banner-1.1.2.1-Cross-Site-Scripting.html"
},
{
"name": "68280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68280"
}
]
}
}

140
2014/7xxx/CVE-2014-7360.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7360",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The How To Boil Eggs (aka com.appmakr.app842173) application 251333 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#726377",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/726377"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The How To Boil Eggs (aka com.appmakr.app842173) application 251333 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#726377",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/726377"
}
]
}
}

120
2014/8xxx/CVE-2014-8570.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2014-8570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "S9300, S9303, S9306, S9312, S7700, S7703, S7706, S7712, S9300E, S9303E, S9306E, S9312E, S9700, S9703, S9706, S9712,S12708, S12712,5700HI,5300HI, 5710EI,5310EI, 5710HI,5310HI, 6700EI,6300EI S9300, S9303, S9306, S9312 with software V100R002,S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005,S9300E, S9303E, S9306E, S9312E with software V200R001,S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005,S12708, S12712 with software V200R005,5700HI,5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005,5710EI,5310EI with software V200R002, V200R003, V200R005,5710HI,5310HI with software V200R003, V200R005,6700EI,6300EI with software V200R00",
"version" : {
"version_data" : [
{
"version_value" : "S9300, S9303, S9306, S9312, S7700, S7703, S7706, S7712, S9300E, S9303E, S9306E, S9312E, S9700, S9703, S9706, S9712,S12708, S12712,5700HI,5300HI, 5710EI,5310EI, 5710HI,5310HI, 6700EI,6300EI S9300, S9303, S9306, S9312 with software V100R002,S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005,S9300E, S9303E, S9306E, S9312E with software V200R001,S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005,S12708, S12712 with software V200R005,5700HI,5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005,5710EI,5310EI with software V200R002, V200R003, V200R005,5710HI,5310HI with software V200R003, V200R005,6700EI,6300EI with software V200R00"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005; S9300E, S9303E, S9306E, S9312E with software V200R001; S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005; S12708, S12712 with software V200R005; 5700HI, 5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005; 5710EI, 5310EI with software V200R002, V200R003, V200R005; 5710HI, 5310HI with software V200R003, V200R005; 6700EI, 6300EI with software V200R005 could cause a leak of IP addresses of devices, related to unintended interface support for VRP MPLS LSP Ping."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Leakage"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2014-8570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "S9300, S9303, S9306, S9312, S7700, S7703, S7706, S7712, S9300E, S9303E, S9306E, S9312E, S9700, S9703, S9706, S9712,S12708, S12712,5700HI,5300HI, 5710EI,5310EI, 5710HI,5310HI, 6700EI,6300EI S9300, S9303, S9306, S9312 with software V100R002,S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005,S9300E, S9303E, S9306E, S9312E with software V200R001,S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005,S12708, S12712 with software V200R005,5700HI,5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005,5710EI,5310EI with software V200R002, V200R003, V200R005,5710HI,5310HI with software V200R003, V200R005,6700EI,6300EI with software V200R00",
"version": {
"version_data": [
{
"version_value": "S9300, S9303, S9306, S9312, S7700, S7703, S7706, S7712, S9300E, S9303E, S9306E, S9312E, S9700, S9703, S9706, S9712,S12708, S12712,5700HI,5300HI, 5710EI,5310EI, 5710HI,5310HI, 6700EI,6300EI S9300, S9303, S9306, S9312 with software V100R002,S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005,S9300E, S9303E, S9306E, S9312E with software V200R001,S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005,S12708, S12712 with software V200R005,5700HI,5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005,5710EI,5310EI with software V200R002, V200R003, V200R005,5710HI,5310HI with software V200R003, V200R005,6700EI,6300EI with software V200R00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/hw-372145",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/hw-372145"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005; S9300E, S9303E, S9306E, S9312E with software V200R001; S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005; S12708, S12712 with software V200R005; 5700HI, 5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005; 5710EI, 5310EI with software V200R002, V200R003, V200R005; 5710HI, 5310HI with software V200R003, V200R005; 6700EI, 6300EI with software V200R005 could cause a leak of IP addresses of devices, related to unintended interface support for VRP MPLS LSP Ping."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-372145",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372145"
}
]
}
}

140
2014/8xxx/CVE-2014-8870.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8870",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the board_url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150112 CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534450/100/0/threaded"
},
{
"name" : "20150112 CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jan/32"
},
{
"name" : "71998",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71998"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the board_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150112 CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/32"
},
{
"name": "71998",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71998"
},
{
"name": "20150112 CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534450/100/0/threaded"
}
]
}
}

130
2014/8xxx/CVE-2014-8924.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8924",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-8924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21882820",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21882820"
},
{
"name" : "1032275",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032275"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032275"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21882820",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882820"
}
]
}
}

130
2014/9xxx/CVE-2014-9516.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9516",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the \"Web Site\" input in the Profile section."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35659",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35659"
},
{
"name" : "116553",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/116553"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the \"Web Site\" input in the Profile section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "116553",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/116553"
},
{
"name": "35659",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35659"
}
]
}
}

34
2016/2xxx/CVE-2016-2035.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2035",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2035",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/2xxx/CVE-2016-2635.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2635",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2635",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/2xxx/CVE-2016-2765.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2765",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2765",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

200
2016/2xxx/CVE-2016-2774.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2774",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.isc.org/article/AA-01354",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/article/AA-01354"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name" : "FEDORA-2016-821f013cb1",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html"
},
{
"name" : "FEDORA-2016-c93d49faf3",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html"
},
{
"name" : "RHSA-2016:2590",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2590.html"
},
{
"name" : "openSUSE-SU-2016:1843",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html"
},
{
"name" : "USN-3586-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3586-1/"
},
{
"name" : "84208",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84208"
},
{
"name" : "1035196",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035196"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2590",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html"
},
{
"name": "1035196",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035196"
},
{
"name": "https://kb.isc.org/article/AA-01354",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01354"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "FEDORA-2016-821f013cb1",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html"
},
{
"name": "USN-3586-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3586-1/"
},
{
"name": "openSUSE-SU-2016:1843",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html"
},
{
"name": "FEDORA-2016-c93d49faf3",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html"
},
{
"name": "84208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84208"
}
]
}
}

34
2016/3xxx/CVE-2016-3148.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3148",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3148",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

198
2016/6xxx/CVE-2016-6060.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6060",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational DOORS Next Generation",
"version" : {
"version_data" : [
{
"version_value" : "4.0.1"
},
{
"version_value" : "4.0.5"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "4.0.2"
},
{
"version_value" : "4.0.3"
},
{
"version_value" : "4.0.4"
},
{
"version_value" : "4.0.6"
},
{
"version_value" : "4.0.7"
},
{
"version_value" : "5.0"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "4.0.1"
},
{
"version_value": "4.0.5"
},
{
"version_value": "5.0.2"
},
{
"version_value": "4.0.2"
},
{
"version_value": "4.0.3"
},
{
"version_value": "4.0.4"
},
{
"version_value": "4.0.6"
},
{
"version_value": "4.0.7"
},
{
"version_value": "5.0"
},
{
"version_value": "5.0.1"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21995547",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21995547"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995547",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995547"
}
]
}
}

130
2016/6xxx/CVE-2016-6411.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6411",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160921 Cisco Firepower Management Center and FireSIGHT System Software SSLIinspection Bypass Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc"
},
{
"name" : "1036877",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036877"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036877",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036877"
},
{
"name": "20160921 Cisco Firepower Management Center and FireSIGHT System Software SSLIinspection Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc"
}
]
}
}

130
2016/6xxx/CVE-2016-6657.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"ID" : "CVE-2016-6657",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10",
"version" : {
"version_data" : [
{
"version_value" : "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10",
"version": {
"version_data": [
{
"version_value": "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pivotal.io/security/cve-2016-6657",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2016-6657"
},
{
"name" : "94126",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94126"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open redirect vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-6657",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6657"
},
{
"name": "94126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94126"
}
]
}
}

140
2016/7xxx/CVE-2016-7280.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7280",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Microsoft Edge Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-7206."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-145",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145"
},
{
"name" : "94750",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94750"
},
{
"name" : "1037444",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037444"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Microsoft Edge Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-7206."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037444",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037444"
},
{
"name": "94750",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94750"
},
{
"name": "MS16-145",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145"
}
]
}
}

34
2016/7xxx/CVE-2016-7331.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7331",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7331",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

130
2016/7xxx/CVE-2016-7786.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7786",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44469",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44469/"
},
{
"name" : "https://infosecninja.blogspot.in/2017/04/cve-2016-7786-sophos-cyberoam-utm.html",
"refsource" : "MISC",
"url" : "https://infosecninja.blogspot.in/2017/04/cve-2016-7786-sophos-cyberoam-utm.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://infosecninja.blogspot.in/2017/04/cve-2016-7786-sophos-cyberoam-utm.html",
"refsource": "MISC",
"url": "https://infosecninja.blogspot.in/2017/04/cve-2016-7786-sophos-cyberoam-utm.html"
},
{
"name": "44469",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44469/"
}
]
}
}