admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:56:11 +00:00
parent b45dfea59f
commit 751cb51d70
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4177 additions and 4177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
2006/1xxx/CVE-2006-1135.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1135",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kiki91.altervista.org/exploit/sBlog_0.72_xss.txt",
"refsource" : "MISC",
"url" : "http://kiki91.altervista.org/exploit/sBlog_0.72_xss.txt"
},
{
"name" : "17044",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17044"
},
{
"name" : "ADV-2006-0883",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0883"
},
{
"name" : "23759",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23759"
},
{
"name" : "23760",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23760"
},
{
"name" : "19151",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19151"
},
{
"name" : "sblog-username-xss(25111)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25111"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17044",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17044"
},
{
"name": "sblog-username-xss(25111)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25111"
},
{
"name": "http://kiki91.altervista.org/exploit/sBlog_0.72_xss.txt",
"refsource": "MISC",
"url": "http://kiki91.altervista.org/exploit/sBlog_0.72_xss.txt"
},
{
"name": "ADV-2006-0883",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0883"
},
{
"name": "19151",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19151"
},
{
"name": "23759",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23759"
},
{
"name": "23760",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23760"
}
]
}
}

238
2006/1xxx/CVE-2006-1186.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1186",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-1186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS06-013",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name" : "TA06-101A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name" : "VU#959049",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/959049"
},
{
"name" : "17453",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17453"
},
{
"name" : "ADV-2006-1318",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name" : "oval:org.mitre.oval:def:1446",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446"
},
{
"name" : "oval:org.mitre.oval:def:1589",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589"
},
{
"name" : "oval:org.mitre.oval:def:1651",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651"
},
{
"name" : "oval:org.mitre.oval:def:1704",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704"
},
{
"name" : "oval:org.mitre.oval:def:791",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791"
},
{
"name" : "1015900",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015900"
},
{
"name" : "18957",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18957"
},
{
"name" : "ie-com-activex-execute-code(25545)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25545"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#959049",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "18957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18957"
},
{
"name": "oval:org.mitre.oval:def:1589",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589"
},
{
"name": "oval:org.mitre.oval:def:1446",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446"
},
{
"name": "1015900",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015900"
},
{
"name": "oval:org.mitre.oval:def:1651",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651"
},
{
"name": "TA06-101A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "MS06-013",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "17453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17453"
},
{
"name": "ADV-2006-1318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "ie-com-activex-execute-code(25545)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25545"
},
{
"name": "oval:org.mitre.oval:def:1704",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704"
},
{
"name": "oval:org.mitre.oval:def:791",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791"
}
]
}
}

158
2006/1xxx/CVE-2006-1285.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1285",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html",
"refsource" : "CONFIRM",
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"name" : "17019",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17019"
},
{
"name" : "ADV-2006-0870",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0870"
},
{
"name" : "1015733",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015733"
},
{
"name" : "19171",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19171"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015733",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015733"
},
{
"name": "19171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19171"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html"
},
{
"name": "17019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17019"
},
{
"name": "ADV-2006-0870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0870"
}
]
}
}

168
2006/5xxx/CVE-2006-5286.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5286",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 allows attackers to cause a denial of service (crash) via unknown attack vectors related to \"VPN issues\" for certain \"IKE and IPsec settings.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974551.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974551.htm"
},
{
"name" : "20428",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20428"
},
{
"name" : "ADV-2006-3998",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3998"
},
{
"name" : "1017025",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017025"
},
{
"name" : "22355",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22355"
},
{
"name" : "novell-bordermanager-unspecified-dos(29447)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29447"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 allows attackers to cause a denial of service (crash) via unknown attack vectors related to \"VPN issues\" for certain \"IKE and IPsec settings.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20428"
},
{
"name": "1017025",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017025"
},
{
"name": "22355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22355"
},
{
"name": "novell-bordermanager-unspecified-dos(29447)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29447"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974551.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974551.htm"
},
{
"name": "ADV-2006-3998",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3998"
}
]
}
}

198
2006/5xxx/CVE-2006-5405.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5405",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Toshiba Bluetooth wireless device driver 3.x and 4 through 4.00.35, as used in multiple products, allows physically proximate attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via crafted Bluetooth packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061012 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448422/100/100/threaded"
},
{
"name" : "20061017 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2006-October/001085.html"
},
{
"name" : "http://www.secureworks.com/press/20061011-dell.html",
"refsource" : "MISC",
"url" : "http://www.secureworks.com/press/20061011-dell.html"
},
{
"name" : "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html",
"refsource" : "MISC",
"url" : "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html"
},
{
"name" : "ADV-2006-4057",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4057"
},
{
"name" : "1017075",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017075"
},
{
"name" : "22402",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22402"
},
{
"name" : "1744",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1744"
},
{
"name" : "toshiba-bluetooth-stack-code-execute(29503)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29503"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Toshiba Bluetooth wireless device driver 3.x and 4 through 4.00.35, as used in multiple products, allows physically proximate attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via crafted Bluetooth packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061017 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-October/001085.html"
},
{
"name": "20061012 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448422/100/100/threaded"
},
{
"name": "http://www.secureworks.com/press/20061011-dell.html",
"refsource": "MISC",
"url": "http://www.secureworks.com/press/20061011-dell.html"
},
{
"name": "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html",
"refsource": "MISC",
"url": "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html"
},
{
"name": "ADV-2006-4057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4057"
},
{
"name": "1017075",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017075"
},
{
"name": "22402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22402"
},
{
"name": "toshiba-bluetooth-stack-code-execute(29503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29503"
},
{
"name": "1744",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1744"
}
]
}
}

158
2006/5xxx/CVE-2006-5447.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5447",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061018 {x0n3-h4ck} DEV Web Manager System <= 1.5 XSS Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449121/100/0/threaded"
},
{
"name" : "http://www.x0n3-h4ck.org/index.php?name=news&article=139",
"refsource" : "MISC",
"url" : "http://www.x0n3-h4ck.org/index.php?name=news&article=139"
},
{
"name" : "20590",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20590"
},
{
"name" : "1758",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1758"
},
{
"name" : "dev-index-xss(29659)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29659"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.x0n3-h4ck.org/index.php?name=news&article=139",
"refsource": "MISC",
"url": "http://www.x0n3-h4ck.org/index.php?name=news&article=139"
},
{
"name": "20590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20590"
},
{
"name": "1758",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1758"
},
{
"name": "20061018 {x0n3-h4ck} DEV Web Manager System <= 1.5 XSS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449121/100/0/threaded"
},
{
"name": "dev-index-xss(29659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29659"
}
]
}
}

218
2006/5xxx/CVE-2006-5661.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5661",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061101 Cross Site Scripting (XSS) Vulnerability in Netquery by \"VIRtech\"",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450270/100/0/threaded"
},
{
"name" : "20061111 Re: Cross Site Scripting (XSS) Vulnerability in Netquery by \"VIRtech\"",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451350/100/100/threaded"
},
{
"name" : "20061031 Cross Site Scripting (XSS) Vulnerability in Netquery by \"VIRtech\"",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050462.html"
},
{
"name" : "http://www.zion-security.com/text/XSS_Vulnerability_VIRtechs_Netquery.txt",
"refsource" : "MISC",
"url" : "http://www.zion-security.com/text/XSS_Vulnerability_VIRtechs_Netquery.txt"
},
{
"name" : "http://virtech.org/tools/",
"refsource" : "CONFIRM",
"url" : "http://virtech.org/tools/"
},
{
"name" : "20837",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20837"
},
{
"name" : "ADV-2006-4512",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4512"
},
{
"name" : "1017147",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017147"
},
{
"name" : "22864",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22864"
},
{
"name" : "1807",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1807"
},
{
"name" : "netquery-nquser-xss(29927)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29927"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20837"
},
{
"name": "22864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22864"
},
{
"name": "ADV-2006-4512",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4512"
},
{
"name": "http://www.zion-security.com/text/XSS_Vulnerability_VIRtechs_Netquery.txt",
"refsource": "MISC",
"url": "http://www.zion-security.com/text/XSS_Vulnerability_VIRtechs_Netquery.txt"
},
{
"name": "20061111 Re: Cross Site Scripting (XSS) Vulnerability in Netquery by \"VIRtech\"",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451350/100/100/threaded"
},
{
"name": "1017147",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017147"
},
{
"name": "1807",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1807"
},
{
"name": "20061031 Cross Site Scripting (XSS) Vulnerability in Netquery by \"VIRtech\"",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050462.html"
},
{
"name": "netquery-nquser-xss(29927)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29927"
},
{
"name": "http://virtech.org/tools/",
"refsource": "CONFIRM",
"url": "http://virtech.org/tools/"
},
{
"name": "20061101 Cross Site Scripting (XSS) Vulnerability in Netquery by \"VIRtech\"",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450270/100/0/threaded"
}
]
}
}

32
2006/5xxx/CVE-2006-5692.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5692",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-5692",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}

148
2007/2xxx/CVE-2007-2169.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3761",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3761"
},
{
"name" : "23548",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23548"
},
{
"name" : "ADV-2007-1446",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1446"
},
{
"name" : "mozzers-subsystem-index-code-execution(33739)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33739"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mozzers-subsystem-index-code-execution(33739)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33739"
},
{
"name": "23548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23548"
},
{
"name": "ADV-2007-1446",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1446"
},
{
"name": "3761",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3761"
}
]
}
}

178
2007/2xxx/CVE-2007-2585.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Verify function in the BarCodeWiz ActiveX control 2.0 and 2.52 (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://moaxb.blogspot.com/2007/05/moaxb-09-barcodewiz-activex-control-20.html",
"refsource" : "MISC",
"url" : "http://moaxb.blogspot.com/2007/05/moaxb-09-barcodewiz-activex-control-20.html"
},
{
"name" : "http://www.shinnai.altervista.org/moaxb/20070509/barcodewiz.txt",
"refsource" : "MISC",
"url" : "http://www.shinnai.altervista.org/moaxb/20070509/barcodewiz.txt"
},
{
"name" : "23891",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23891"
},
{
"name" : "ADV-2007-1728",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1728"
},
{
"name" : "35869",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35869"
},
{
"name" : "25209",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25209"
},
{
"name" : "barcodewiz-barcodewiz-bo(34180)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34180"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Verify function in the BarCodeWiz ActiveX control 2.0 and 2.52 (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.shinnai.altervista.org/moaxb/20070509/barcodewiz.txt",
"refsource": "MISC",
"url": "http://www.shinnai.altervista.org/moaxb/20070509/barcodewiz.txt"
},
{
"name": "barcodewiz-barcodewiz-bo(34180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34180"
},
{
"name": "25209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25209"
},
{
"name": "ADV-2007-1728",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1728"
},
{
"name": "35869",
"refsource": "OSVDB",
"url": "http://osvdb.org/35869"
},
{
"name": "http://moaxb.blogspot.com/2007/05/moaxb-09-barcodewiz-activex-control-20.html",
"refsource": "MISC",
"url": "http://moaxb.blogspot.com/2007/05/moaxb-09-barcodewiz-activex-control-20.html"
},
{
"name": "23891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23891"
}
]
}
}

178
2007/6xxx/CVE-2007-6080.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6080",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4637",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4637"
},
{
"name" : "http://www.securityfocus.com/bid/31941/exploit",
"refsource" : "MISC",
"url" : "http://www.securityfocus.com/bid/31941/exploit"
},
{
"name" : "26505",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26505"
},
{
"name" : "31941",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31941"
},
{
"name" : "ADV-2007-3962",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3962"
},
{
"name" : "bcoos-click-sql-injection(38594)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38594"
},
{
"name" : "bcoos-bid-sql-injection(46156)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46156"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26505"
},
{
"name": "bcoos-click-sql-injection(38594)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38594"
},
{
"name": "4637",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4637"
},
{
"name": "ADV-2007-3962",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3962"
},
{
"name": "bcoos-bid-sql-injection(46156)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46156"
},
{
"name": "http://www.securityfocus.com/bid/31941/exploit",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/31941/exploit"
},
{
"name": "31941",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31941"
}
]
}
}

328
2007/6xxx/CVE-2007-6244.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6244",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://crypto.stanford.edu/advisories/CVE-2007-6244/",
"refsource" : "MISC",
"url" : "http://crypto.stanford.edu/advisories/CVE-2007-6244/"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb07-20.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
},
{
"name" : "GLSA-200801-07",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
},
{
"name" : "RHSA-2007:1126",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-1126.html"
},
{
"name" : "238305",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"name" : "SUSE-SA:2007:069",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
},
{
"name" : "TA07-355A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
},
{
"name" : "VU#758769",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/758769"
},
{
"name" : "26929",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26929"
},
{
"name" : "26949",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26949"
},
{
"name" : "26960",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26960"
},
{
"name" : "oval:org.mitre.oval:def:10210",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10210"
},
{
"name" : "ADV-2007-4258",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4258"
},
{
"name" : "ADV-2008-1724",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"name" : "1019116",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019116"
},
{
"name" : "28157",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28157"
},
{
"name" : "28161",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28161"
},
{
"name" : "28570",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28570"
},
{
"name" : "28213",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28213"
},
{
"name" : "30507",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30507"
},
{
"name" : "adobe-asfunction-protocol-xss(39130)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39130"
},
{
"name" : "adobe-navigatetourl-xss(39131)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39131"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2007:069",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
},
{
"name": "28157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28157"
},
{
"name": "30507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30507"
},
{
"name": "adobe-navigatetourl-xss(39131)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39131"
},
{
"name": "28570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28570"
},
{
"name": "26960",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26960"
},
{
"name": "ADV-2008-1724",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"name": "TA07-355A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
},
{
"name": "GLSA-200801-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
},
{
"name": "http://crypto.stanford.edu/advisories/CVE-2007-6244/",
"refsource": "MISC",
"url": "http://crypto.stanford.edu/advisories/CVE-2007-6244/"
},
{
"name": "oval:org.mitre.oval:def:10210",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10210"
},
{
"name": "26929",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26929"
},
{
"name": "28161",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28161"
},
{
"name": "RHSA-2007:1126",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1126.html"
},
{
"name": "adobe-asfunction-protocol-xss(39130)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39130"
},
{
"name": "238305",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"name": "ADV-2007-4258",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4258"
},
{
"name": "1019116",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019116"
},
{
"name": "26949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26949"
},
{
"name": "VU#758769",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/758769"
},
{
"name": "28213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28213"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb07-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
}
]
}
}

158
2007/6xxx/CVE-2007-6271.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6271",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071204 PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/484560/100/0/threaded"
},
{
"name" : "http://www.procheckup.com/Vulnerability_PR07-39.php",
"refsource" : "MISC",
"url" : "http://www.procheckup.com/Vulnerability_PR07-39.php"
},
{
"name" : "26692",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26692"
},
{
"name" : "3421",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3421"
},
{
"name" : "absolutenewsmanager-getpath-info-disclosure(38874)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38874"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.procheckup.com/Vulnerability_PR07-39.php",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulnerability_PR07-39.php"
},
{
"name": "26692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26692"
},
{
"name": "3421",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3421"
},
{
"name": "20071204 PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484560/100/0/threaded"
},
{
"name": "absolutenewsmanager-getpath-info-disclosure(38874)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38874"
}
]
}
}

188
2007/6xxx/CVE-2007-6563.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6563",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071225",
"refsource" : "MISC",
"url" : "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071225"
},
{
"name" : "JVN#44736880",
"refsource" : "JVN",
"url" : "http://jvn.jp/jp/JVN%2344736880/index.html"
},
{
"name" : "JVNDB-2007-000822",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/contents/ja/2007/JVNDB-2007-000822.html"
},
{
"name" : "27017",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27017"
},
{
"name" : "ADV-2007-4312",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4312"
},
{
"name" : "40267",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40267"
},
{
"name" : "28215",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28215"
},
{
"name" : "winace-uue-bo(39268)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39268"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-4312",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4312"
},
{
"name": "JVNDB-2007-000822",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/contents/ja/2007/JVNDB-2007-000822.html"
},
{
"name": "27017",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27017"
},
{
"name": "winace-uue-bo(39268)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39268"
},
{
"name": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071225",
"refsource": "MISC",
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071225"
},
{
"name": "JVN#44736880",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2344736880/index.html"
},
{
"name": "40267",
"refsource": "OSVDB",
"url": "http://osvdb.org/40267"
},
{
"name": "28215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28215"
}
]
}
}

188
2010/0xxx/CVE-2010-0117.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0117",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-0117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2010-5/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-5/"
},
{
"name" : "http://service.real.com/realplayer/security/08262010_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/08262010_player/en/"
},
{
"name" : "oval:org.mitre.oval:def:7169",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7169"
},
{
"name" : "1024370",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024370"
},
{
"name" : "41096",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41096"
},
{
"name" : "41154",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41154"
},
{
"name" : "ADV-2010-2216",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2216"
},
{
"name" : "realplayer-yuv420-code-execution(61421)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61421"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2216"
},
{
"name": "41096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41096"
},
{
"name": "http://service.real.com/realplayer/security/08262010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/08262010_player/en/"
},
{
"name": "realplayer-yuv420-code-execution(61421)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61421"
},
{
"name": "http://secunia.com/secunia_research/2010-5/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-5/"
},
{
"name": "1024370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024370"
},
{
"name": "oval:org.mitre.oval:def:7169",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7169"
},
{
"name": "41154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41154"
}
]
}
}

32
2010/0xxx/CVE-2010-0282.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0282",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0282",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

238
2010/0xxx/CVE-2010-0309.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0309",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[kvm] 20100129 KVM: PIT: control word is write-only",
"refsource" : "MLIST",
"url" : "http://www.mail-archive.com/kvm@vger.kernel.org/msg28002.html"
},
{
"name" : "[oss-security] 20100202 CVE request - kvm: cat /dev/port in the guest can cause host DoS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/02/02/1"
},
{
"name" : "[oss-security] 20100202 Re: CVE request - kvm: cat /dev/port in the guest can cause host DoS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/02/02/4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=560887",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=560887"
},
{
"name" : "DSA-1996",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-1996"
},
{
"name" : "RHSA-2010:0088",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0088.html"
},
{
"name" : "RHSA-2010:0095",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name" : "USN-914-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-914-1"
},
{
"name" : "38158",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38158"
},
{
"name" : "oval:org.mitre.oval:def:11095",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11095"
},
{
"name" : "38492",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38492"
},
{
"name" : "38922",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38922"
},
{
"name" : "ADV-2010-0638",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0638"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38158"
},
{
"name": "USN-914-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-914-1"
},
{
"name": "ADV-2010-0638",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0638"
},
{
"name": "RHSA-2010:0088",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html"
},
{
"name": "38922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38922"
},
{
"name": "[oss-security] 20100202 Re: CVE request - kvm: cat /dev/port in the guest can cause host DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/02/02/4"
},
{
"name": "DSA-1996",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1996"
},
{
"name": "oval:org.mitre.oval:def:11095",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11095"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=560887",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=560887"
},
{
"name": "[oss-security] 20100202 CVE request - kvm: cat /dev/port in the guest can cause host DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/02/02/1"
},
{
"name": "[kvm] 20100129 KVM: PIT: control word is write-only",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/kvm@vger.kernel.org/msg28002.html"
},
{
"name": "RHSA-2010:0095",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "38492",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38492"
}
]
}
}

118
2010/0xxx/CVE-2010-0363.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0363",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3r5, when SSL is enabled for the admin server, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2002-1785."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES",
"refsource" : "CONFIRM",
"url" : "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3r5, when SSL is enabled for the admin server, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2002-1785."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES",
"refsource": "CONFIRM",
"url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES"
}
]
}
}

208
2010/0xxx/CVE-2010-0745.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0745",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[dovecot-news] 20100308 v1.2.11 released",
"refsource" : "MLIST",
"url" : "http://dovecot.org/list/dovecot-news/2010-March/000152.html"
},
{
"name" : "[dovecot] 20100227 Possible CPU Denial-Of-Service attack to dovecot IMAP.",
"refsource" : "MLIST",
"url" : "http://dovecot.org/pipermail/dovecot/2010-February/047190.html"
},
{
"name" : "[oss-security] 20100310 CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/03/10/6"
},
{
"name" : "[oss-security] 20100401 Re: CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127013715227551&w=2"
},
{
"name" : "http://security-tracker.debian.org/tracker/CVE-2010-0745",
"refsource" : "CONFIRM",
"url" : "http://security-tracker.debian.org/tracker/CVE-2010-0745"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=572268",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=572268"
},
{
"name" : "MDVSA-2010:104",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:104"
},
{
"name" : "SUSE-SR:2010:011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name" : "ADV-2010-1107",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1107"
},
{
"name" : "ADV-2010-1226",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1226"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security-tracker.debian.org/tracker/CVE-2010-0745",
"refsource": "CONFIRM",
"url": "http://security-tracker.debian.org/tracker/CVE-2010-0745"
},
{
"name": "ADV-2010-1107",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"name": "[dovecot] 20100227 Possible CPU Denial-Of-Service attack to dovecot IMAP.",
"refsource": "MLIST",
"url": "http://dovecot.org/pipermail/dovecot/2010-February/047190.html"
},
{
"name": "SUSE-SR:2010:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name": "MDVSA-2010:104",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:104"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=572268",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=572268"
},
{
"name": "ADV-2010-1226",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1226"
},
{
"name": "[oss-security] 20100310 CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/03/10/6"
},
{
"name": "[dovecot-news] 20100308 v1.2.11 released",
"refsource": "MLIST",
"url": "http://dovecot.org/list/dovecot-news/2010-March/000152.html"
},
{
"name": "[oss-security] 20100401 Re: CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127013715227551&w=2"
}
]
}
}

158
2010/0xxx/CVE-2010-0862.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0862",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Retail - Oracle Retail Markdown Optimization component in Oracle Industry Product Suite 13.1 allows remote attackers to affect integrity via unknown vectors related to Online Help."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-0862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
},
{
"name" : "TA10-103B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
},
{
"name" : "39444",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39444"
},
{
"name" : "1023872",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023872"
},
{
"name" : "oipsr-rmo-unspecifed(57742)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57742"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Retail - Oracle Retail Markdown Optimization component in Oracle Industry Product Suite 13.1 allows remote attackers to affect integrity via unknown vectors related to Online Help."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-103B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
},
{
"name": "oipsr-rmo-unspecifed(57742)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57742"
},
{
"name": "1023872",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023872"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
},
{
"name": "39444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39444"
}
]
}
}

148
2010/1xxx/CVE-2010-1116.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1116",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.packetstormsecurity.com/1001-exploits/lookmer-disclose.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.com/1001-exploits/lookmer-disclose.txt"
},
{
"name" : "61845",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61845"
},
{
"name" : "38247",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38247"
},
{
"name" : "lookmermusicportal-mdb-info-disclosure(55751)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55751"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38247",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38247"
},
{
"name": "61845",
"refsource": "OSVDB",
"url": "http://osvdb.org/61845"
},
{
"name": "lookmermusicportal-mdb-info-disclosure(55751)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55751"
},
{
"name": "http://www.packetstormsecurity.com/1001-exploits/lookmer-disclose.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1001-exploits/lookmer-disclose.txt"
}
]
}
}

188
2010/1xxx/CVE-2010-1943.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1943",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client Service for PTM and crafted packets to port 56015."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ipa.go.jp/about/press/20100517_2.html",
"refsource" : "MISC",
"url" : "http://www.ipa.go.jp/about/press/20100517_2.html"
},
{
"name" : "http://www.nec.co.jp/security-info/secinfo/nv10-005.html",
"refsource" : "CONFIRM",
"url" : "http://www.nec.co.jp/security-info/secinfo/nv10-005.html"
},
{
"name" : "JVN#82749282",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN82749282/index.html"
},
{
"name" : "JVNDB-2010-000020",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000020.html"
},
{
"name" : "40190",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40190"
},
{
"name" : "64701",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64701"
},
{
"name" : "39800",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39800"
},
{
"name" : "ADV-2010-1166",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1166"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client Service for PTM and crafted packets to port 56015."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nec.co.jp/security-info/secinfo/nv10-005.html",
"refsource": "CONFIRM",
"url": "http://www.nec.co.jp/security-info/secinfo/nv10-005.html"
},
{
"name": "40190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40190"
},
{
"name": "http://www.ipa.go.jp/about/press/20100517_2.html",
"refsource": "MISC",
"url": "http://www.ipa.go.jp/about/press/20100517_2.html"
},
{
"name": "JVNDB-2010-000020",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000020.html"
},
{
"name": "ADV-2010-1166",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1166"
},
{
"name": "64701",
"refsource": "OSVDB",
"url": "http://osvdb.org/64701"
},
{
"name": "39800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39800"
},
{
"name": "JVN#82749282",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN82749282/index.html"
}
]
}
}

148
2010/4xxx/CVE-2010-4375.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4375",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via malformed multi-rate data in an audio stream."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-266",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-266"
},
{
"name" : "http://service.real.com/realplayer/security/12102010_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/12102010_player/en/"
},
{
"name" : "RHSA-2010:0981",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0981.html"
},
{
"name" : "1024861",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024861"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via malformed multi-rate data in an audio stream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0981",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0981.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-266",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-266"
},
{
"name": "1024861",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024861"
},
{
"name": "http://service.real.com/realplayer/security/12102010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/12102010_player/en/"
}
]
}
}

158
2010/4xxx/CVE-2010-4605.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4605",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21454745",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21454745"
},
{
"name" : "IC66686",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66686"
},
{
"name" : "1024901",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024901"
},
{
"name" : "42639",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42639"
},
{
"name" : "ADV-2010-3251",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3251"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024901",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024901"
},
{
"name": "IC66686",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66686"
},
{
"name": "ADV-2010-3251",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3251"
},
{
"name": "42639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42639"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21454745",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
}
]
}
}

168
2010/4xxx/CVE-2010-4797.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15220",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15220"
},
{
"name" : "http://packetstormsecurity.org/1010-exploits/flextimesheet-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1010-exploits/flextimesheet-sql.txt"
},
{
"name" : "43886",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43886"
},
{
"name" : "41763",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41763"
},
{
"name" : "8222",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8222"
},
{
"name" : "flex-timesheet-username-sql-injection(62374)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62374"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "flex-timesheet-username-sql-injection(62374)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62374"
},
{
"name": "8222",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8222"
},
{
"name": "41763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41763"
},
{
"name": "15220",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15220"
},
{
"name": "43886",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43886"
},
{
"name": "http://packetstormsecurity.org/1010-exploits/flextimesheet-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1010-exploits/flextimesheet-sql.txt"
}
]
}
}

138
2010/5xxx/CVE-2010-5308.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5308",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource" : "MISC",
"url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name" : "https://twitter.com/digitalbond/status/619250429751222277",
"refsource" : "MISC",
"url" : "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name" : "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4",
"refsource" : "CONFIRM",
"url" : "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4",
"refsource": "CONFIRM",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4"
},
{
"name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource": "MISC",
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name": "https://twitter.com/digitalbond/status/619250429751222277",
"refsource": "MISC",
"url": "https://twitter.com/digitalbond/status/619250429751222277"
}
]
}
}

32
2014/0xxx/CVE-2014-0104.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0104",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0104",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

418
2014/0xxx/CVE-2014-0422.json
View File

@ -1,212 +1,212 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0422",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1051528",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1051528"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777"
},
{
"name" : "HPSBUX02972",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name" : "HPSBUX02973",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
},
{
"name" : "SSRT101454",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name" : "SSRT101455",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
},
{
"name" : "RHSA-2014:0026",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0026.html"
},
{
"name" : "RHSA-2014:0027",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0027.html"
},
{
"name" : "RHSA-2014:0097",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0097.html"
},
{
"name" : "RHSA-2014:0136",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0136.html"
},
{
"name" : "RHSA-2014:0030",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html"
},
{
"name" : "RHSA-2014:0134",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0134.html"
},
{
"name" : "RHSA-2014:0135",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0135.html"
},
{
"name" : "RHSA-2014:0414",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name" : "openSUSE-SU-2014:0174",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html"
},
{
"name" : "SUSE-SU-2014:0246",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html"
},
{
"name" : "SUSE-SU-2014:0266",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html"
},
{
"name" : "openSUSE-SU-2014:0177",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html"
},
{
"name" : "openSUSE-SU-2014:0180",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html"
},
{
"name" : "SUSE-SU-2014:0451",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html"
},
{
"name" : "USN-2089-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2089-1"
},
{
"name" : "USN-2124-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2124-1"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64921",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64921"
},
{
"name" : "101997",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101997"
},
{
"name" : "1029608",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029608"
},
{
"name" : "56432",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56432"
},
{
"name" : "56485",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56485"
},
{
"name" : "56486",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56486"
},
{
"name" : "56535",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56535"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56432"
},
{
"name": "RHSA-2014:0414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name": "RHSA-2014:0136",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0136.html"
},
{
"name": "openSUSE-SU-2014:0174",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html"
},
{
"name": "SSRT101455",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
},
{
"name": "RHSA-2014:0135",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html"
},
{
"name": "56535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56535"
},
{
"name": "USN-2089-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2089-1"
},
{
"name": "RHSA-2014:0030",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html"
},
{
"name": "RHSA-2014:0097",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0097.html"
},
{
"name": "56485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56485"
},
{
"name": "SSRT101454",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777"
},
{
"name": "HPSBUX02972",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name": "RHSA-2014:0027",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0027.html"
},
{
"name": "56486",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56486"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1051528",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051528"
},
{
"name": "SUSE-SU-2014:0451",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html"
},
{
"name": "HPSBUX02973",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
},
{
"name": "1029608",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029608"
},
{
"name": "64921",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64921"
},
{
"name": "USN-2124-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2124-1"
},
{
"name": "SUSE-SU-2014:0266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html"
},
{
"name": "RHSA-2014:0026",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0026.html"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "101997",
"refsource": "OSVDB",
"url": "http://osvdb.org/101997"
},
{
"name": "SUSE-SU-2014:0246",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "RHSA-2014:0134",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html"
},
{
"name": "openSUSE-SU-2014:0180",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html"
},
{
"name": "openSUSE-SU-2014:0177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html"
}
]
}
}

148
2014/0xxx/CVE-2014-0469.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0469",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140428 CVE-2014-0469: xbuffy stack-based buffer overflow in subject processing",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/04/28/3"
},
{
"name" : "http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html",
"refsource" : "CONFIRM",
"url" : "http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html"
},
{
"name" : "DSA-2921",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2921"
},
{
"name" : "67090",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67090"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67090"
},
{
"name": "DSA-2921",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2921"
},
{
"name": "[oss-security] 20140428 CVE-2014-0469: xbuffy stack-based buffer overflow in subject processing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/04/28/3"
},
{
"name": "http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html",
"refsource": "CONFIRM",
"url": "http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html"
}
]
}
}

118
2014/10xxx/CVE-2014-10015.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-10015",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt"
}
]
}
}

168
2014/1xxx/CVE-2014-1335.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT6254",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6254"
},
{
"name" : "https://support.apple.com/kb/HT6537",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6537"
},
{
"name" : "APPLE-SA-2014-05-21-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
},
{
"name" : "APPLE-SA-2014-06-30-3",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name" : "APPLE-SA-2014-06-30-4",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"name" : "67553",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67553"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT6537",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6537"
},
{
"name": "APPLE-SA-2014-06-30-4",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"name": "http://support.apple.com/kb/HT6254",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6254"
},
{
"name": "APPLE-SA-2014-06-30-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name": "67553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67553"
},
{
"name": "APPLE-SA-2014-05-21-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
}
]
}
}

178
2014/1xxx/CVE-2014-1888.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1888",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by leveraging CVE-2014-1889."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140213 Wordpress plugin Buddypress <= 1.9.1 stored xss vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/531049/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/125212/WordPress-Buddypress-1.9.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/125212/WordPress-Buddypress-1.9.1-Cross-Site-Scripting.html"
},
{
"name" : "http://buddypress.org/2014/02/buddypress-1-9-2",
"refsource" : "CONFIRM",
"url" : "http://buddypress.org/2014/02/buddypress-1-9-2"
},
{
"name" : "65555",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65555"
},
{
"name" : "103307",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/103307"
},
{
"name" : "56950",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56950"
},
{
"name" : "buddypress-cve20141888-xss(91175)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91175"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by leveraging CVE-2014-1889."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "65555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65555"
},
{
"name": "buddypress-cve20141888-xss(91175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91175"
},
{
"name": "56950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56950"
},
{
"name": "http://packetstormsecurity.com/files/125212/WordPress-Buddypress-1.9.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125212/WordPress-Buddypress-1.9.1-Cross-Site-Scripting.html"
},
{
"name": "http://buddypress.org/2014/02/buddypress-1-9-2",
"refsource": "CONFIRM",
"url": "http://buddypress.org/2014/02/buddypress-1-9-2"
},
{
"name": "20140213 Wordpress plugin Buddypress <= 1.9.1 stored xss vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/531049/100/0/threaded"
},
{
"name": "103307",
"refsource": "OSVDB",
"url": "http://osvdb.org/103307"
}
]
}
}

168
2014/1xxx/CVE-2014-1930.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1930",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://jvn.jp/vu/JVNVU97441356/index.html",
"refsource" : "MISC",
"url" : "http://jvn.jp/vu/JVNVU97441356/index.html"
},
{
"name" : "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details",
"refsource" : "CONFIRM",
"url" : "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details"
},
{
"name" : "VU#566894",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/566894"
},
{
"name" : "65305",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65305"
},
{
"name" : "102814",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102814"
},
{
"name" : "102815",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102815"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#566894",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/566894"
},
{
"name": "102814",
"refsource": "OSVDB",
"url": "http://osvdb.org/102814"
},
{
"name": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details",
"refsource": "CONFIRM",
"url": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details"
},
{
"name": "http://jvn.jp/vu/JVNVU97441356/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/vu/JVNVU97441356/index.html"
},
{
"name": "65305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65305"
},
{
"name": "102815",
"refsource": "OSVDB",
"url": "http://osvdb.org/102815"
}
]
}
}

168
2014/4xxx/CVE-2014-4235.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4235",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name" : "68647",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68647"
},
{
"name" : "oracle-cpujul2014-cve20144235(94572)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94572"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "68647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68647"
},
{
"name": "oracle-cpujul2014-cve20144235(94572)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94572"
}
]
}
}

118
2014/4xxx/CVE-2014-4538.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4538",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://codevigilant.com/disclosure/wp-plugin-malware-finder-a3-cross-site-scripting-xss",
"refsource" : "MISC",
"url" : "http://codevigilant.com/disclosure/wp-plugin-malware-finder-a3-cross-site-scripting-xss"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://codevigilant.com/disclosure/wp-plugin-malware-finder-a3-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-malware-finder-a3-cross-site-scripting-xss"
}
]
}
}

188
2014/4xxx/CVE-2014-4671.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4671",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/",
"refsource" : "MISC",
"url" : "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/"
},
{
"name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html"
},
{
"name" : "GLSA-201407-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201407-02.xml"
},
{
"name" : "RHSA-2014:0860",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0860.html"
},
{
"name" : "68457",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68457"
},
{
"name" : "1030533",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030533"
},
{
"name" : "59837",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59837"
},
{
"name" : "59774",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59774"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/",
"refsource": "MISC",
"url": "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/"
},
{
"name": "RHSA-2014:0860",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0860.html"
},
{
"name": "68457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68457"
},
{
"name": "59774",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59774"
},
{
"name": "1030533",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030533"
},
{
"name": "59837",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59837"
},
{
"name": "GLSA-201407-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201407-02.xml"
},
{
"name": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html"
}
]
}
}

128
2014/9xxx/CVE-2014-9596.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9596",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab",
"refsource" : "CONFIRM",
"url" : "http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab"
},
{
"name" : "VU#117604",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/117604"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab",
"refsource": "CONFIRM",
"url": "http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab"
},
{
"name": "VU#117604",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/117604"
}
]
}
}

128
2014/9xxx/CVE-2014-9768.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9768",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a \"page ID\" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.irongeek.com/i.php?page=videos/derbycon4/t217-hacking-mainframes-vulnerabilities-in-applications-exposed-over-tn3270-dominic-white",
"refsource" : "MISC",
"url" : "http://www.irongeek.com/i.php?page=videos/derbycon4/t217-hacking-mainframes-vulnerabilities-in-applications-exposed-over-tn3270-dominic-white"
},
{
"name" : "https://vimeo.com/96718889",
"refsource" : "MISC",
"url" : "https://vimeo.com/96718889"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a \"page ID\" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.irongeek.com/i.php?page=videos/derbycon4/t217-hacking-mainframes-vulnerabilities-in-applications-exposed-over-tn3270-dominic-white",
"refsource": "MISC",
"url": "http://www.irongeek.com/i.php?page=videos/derbycon4/t217-hacking-mainframes-vulnerabilities-in-applications-exposed-over-tn3270-dominic-white"
},
{
"name": "https://vimeo.com/96718889",
"refsource": "MISC",
"url": "https://vimeo.com/96718889"
}
]
}
}

128
2016/3xxx/CVE-2016-3063.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3063",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.netapp.com/support/s/article/cve-2016-3063-zapi-injection-vulnerability-in-oncommand-system-manager",
"refsource" : "CONFIRM",
"url" : "https://kb.netapp.com/support/s/article/cve-2016-3063-zapi-injection-vulnerability-in-oncommand-system-manager"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20160310-0004/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20160310-0004/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netapp.com/support/s/article/cve-2016-3063-zapi-injection-vulnerability-in-oncommand-system-manager",
"refsource": "CONFIRM",
"url": "https://kb.netapp.com/support/s/article/cve-2016-3063-zapi-injection-vulnerability-in-oncommand-system-manager"
},
{
"name": "https://security.netapp.com/advisory/ntap-20160310-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20160310-0004/"
}
]
}
}

138
2016/3xxx/CVE-2016-3850.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3850",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug CR945164."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=030371d45a9dcda4d0cc3c76647e753a1cc1b782",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=030371d45a9dcda4d0cc3c76647e753a1cc1b782"
},
{
"name" : "92236",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92236"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug CR945164."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=030371d45a9dcda4d0cc3c76647e753a1cc1b782",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=030371d45a9dcda4d0cc3c76647e753a1cc1b782"
},
{
"name": "92236",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92236"
}
]
}
}

158
2016/3xxx/CVE-2016-3890.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3890",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name" : "https://android.googlesource.com/platform/system/core/+/014b01706cc64dc9c2ad94a96f62e07c058d0b5d",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/system/core/+/014b01706cc64dc9c2ad94a96f62e07c058d0b5d"
},
{
"name" : "https://android.googlesource.com/platform/system/core/+/268068f25673242d1d5130d96202d3288c91b700",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/system/core/+/268068f25673242d1d5130d96202d3288c91b700"
},
{
"name" : "92851",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92851"
},
{
"name" : "1036763",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036763"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92851",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92851"
},
{
"name": "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name": "https://android.googlesource.com/platform/system/core/+/268068f25673242d1d5130d96202d3288c91b700",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/system/core/+/268068f25673242d1d5130d96202d3288c91b700"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "https://android.googlesource.com/platform/system/core/+/014b01706cc64dc9c2ad94a96f62e07c058d0b5d",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/system/core/+/014b01706cc64dc9c2ad94a96f62e07c058d0b5d"
}
]
}
}

138
2016/7xxx/CVE-2016-7184.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-134",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134"
},
{
"name" : "94015",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94015"
},
{
"name" : "1037252",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037252"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037252",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037252"
},
{
"name": "MS16-134",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134"
},
{
"name": "94015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94015"
}
]
}
}

158
2016/7xxx/CVE-2016-7406.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160915 Re: CVE request for Dropbear SSH <2016.74",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/15/2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1376353",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1376353"
},
{
"name" : "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb",
"refsource" : "CONFIRM",
"url" : "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb"
},
{
"name" : "GLSA-201702-23",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-23"
},
{
"name" : "92974",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92974"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-23"
},
{
"name": "92974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92974"
},
{
"name": "[oss-security] 20160915 Re: CVE request for Dropbear SSH <2016.74",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1376353",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376353"
},
{
"name": "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb",
"refsource": "CONFIRM",
"url": "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb"
}
]
}
}

158
2016/7xxx/CVE-2016-7838.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2016-7838",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WinSparkle",
"version" : {
"version_data" : [
{
"version_value" : "versions prior to 0.5.3"
}
]
}
}
]
},
"vendor_name" : "WinSparkle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WinSparkle",
"version": {
"version_data": [
{
"version_value": "versions prior to 0.5.3"
}
]
}
}
]
},
"vendor_name": "WinSparkle"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/vslavik/winsparkle/commit/bb454857348245a7397f9e4fbb3a902f4ac25913",
"refsource" : "CONFIRM",
"url" : "https://github.com/vslavik/winsparkle/commit/bb454857348245a7397f9e4fbb3a902f4ac25913"
},
{
"name" : "https://www.wireshark.org/news/20161214.html",
"refsource" : "CONFIRM",
"url" : "https://www.wireshark.org/news/20161214.html"
},
{
"name" : "JVN#90813656",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN90813656/index.html"
},
{
"name" : "JVN#96681653",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN96681653/index.html"
},
{
"name" : "95099",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95099"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#96681653",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN96681653/index.html"
},
{
"name": "https://www.wireshark.org/news/20161214.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/news/20161214.html"
},
{
"name": "https://github.com/vslavik/winsparkle/commit/bb454857348245a7397f9e4fbb3a902f4ac25913",
"refsource": "CONFIRM",
"url": "https://github.com/vslavik/winsparkle/commit/bb454857348245a7397f9e4fbb3a902f4ac25913"
},
{
"name": "JVN#90813656",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN90813656/index.html"
},
{
"name": "95099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95099"
}
]
}
}

198
2016/7xxx/CVE-2016-7869.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2016-7869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow / Underflow"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-7869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-624",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-624"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html"
},
{
"name" : "GLSA-201701-17",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-17"
},
{
"name" : "MS16-154",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154"
},
{
"name" : "RHSA-2016:2947",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2947.html"
},
{
"name" : "SUSE-SU-2016:3148",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html"
},
{
"name" : "openSUSE-SU-2016:3160",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html"
},
{
"name" : "94871",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94871"
},
{
"name" : "1037442",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037442"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow / Underflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:3148",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html"
},
{
"name": "MS16-154",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-624",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-624"
},
{
"name": "94871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94871"
},
{
"name": "GLSA-201701-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-17"
},
{
"name": "1037442",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037442"
},
{
"name": "RHSA-2016:2947",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html"
},
{
"name": "openSUSE-SU-2016:3160",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html"
}
]
}
}

32
2016/8xxx/CVE-2016-8147.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8147",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8147",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2016/8xxx/CVE-2016-8267.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8267",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8267",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

134
2016/8xxx/CVE-2016-8415.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-8415",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. References: QC-CR#1079596."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-8415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
},
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name" : "95260",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95260"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. References: QC-CR#1079596."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "95260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95260"
}
]
}
}

118
2016/8xxx/CVE-2016-8724.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"ID" : "CVE-2016-8724",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client",
"version" : {
"version_data" : [
{
"version_value" : "1.1"
}
]
}
}
]
},
"vendor_name" : "Moxa"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2016-8724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client",
"version": {
"version_data": [
{
"version_value": "1.1"
}
]
}
}
]
},
"vendor_name": "Moxa"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.talosintelligence.com/reports/TALOS-2016-0238/",
"refsource" : "MISC",
"url" : "http://www.talosintelligence.com/reports/TALOS-2016-0238/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0238/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0238/"
}
]
}
}

128
2016/9xxx/CVE-2016-9180.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9180",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161104 Re: CVE request: XXE in perl Image:nfo and XML:wig",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/11/04/2"
},
{
"name" : "94219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94219"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94219"
},
{
"name": "[oss-security] 20161104 Re: CVE request: XXE in perl Image:nfo and XML:wig",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/04/2"
}
]
}
}

148
2016/9xxx/CVE-2016-9865.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"
},
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-70",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-70"
},
{
"name" : "GLSA-201701-32",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-32"
},
{
"name" : "94531",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94531"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"
},
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-70",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-70"
},
{
"name": "94531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94531"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-32"
}
]
}
}

32
2019/2xxx/CVE-2019-2058.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2058",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2058",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/2xxx/CVE-2019-2244.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2244",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2244",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2019/2xxx/CVE-2019-2480.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2480",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.5.3"
},
{
"version_affected" : "=",
"version_value" : "8.5.4"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.5.3"
},
{
"version_affected": "=",
"version_value": "8.5.4"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106579",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106579"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106579"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
}
]
}
}