"-Synchronized-Data."

CVE Team 2019-03-18 03:20:29 +00:00
parent cb99a9894b
commit 756c8cb47d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3717 additions and 3717 deletions


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0264",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0259. Reason: This candidate is subsumed by CVE-2006-0259. An error during initial CVE analysis used the wrong set of affected versions for \"DB10\". Notes: All CVE users should reference CVE-2006-0259 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-0264",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0259. Reason: This candidate is subsumed by CVE-2006-0259. An error during initial CVE analysis used the wrong set of affected versions for \"DB10\". Notes: All CVE users should reference CVE-2006-0259 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0499",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "16448",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16448"
},
{
"name" : "ADV-2006-0390",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0390"
},
{
"name" : "22818",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22818"
},
{
"name" : "18620",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18620"
},
{
"name" : "phpbb-rlink-xss(24410)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24410"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18620"
},
{
"name": "phpbb-rlink-xss(24410)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24410"
},
{
"name": "16448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16448"
},
{
"name": "22818",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22818"
},
{
"name": "ADV-2006-0390",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0390"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0729",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060223 [eVuln] Teca Diary PE SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425892/30/6800/threaded"
},
{
"name" : "http://www.evuln.com/vulns/75/summary.html",
"refsource" : "MISC",
"url" : "http://www.evuln.com/vulns/75/summary.html"
},
{
"name" : "16686",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16686"
},
{
"name" : "ADV-2006-0615",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0615"
},
{
"name" : "1015674",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015674"
},
{
"name" : "18876",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18876"
},
{
"name" : "477",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/477"
},
{
"name" : "tecadiary-functions-sql-injection(24643)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24643"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015674",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015674"
},
{
"name": "18876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18876"
},
{
"name": "477",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/477"
},
{
"name": "http://www.evuln.com/vulns/75/summary.html",
"refsource": "MISC",
"url": "http://www.evuln.com/vulns/75/summary.html"
},
{
"name": "16686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16686"
},
{
"name": "tecadiary-functions-sql-injection(24643)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24643"
},
{
"name": "20060223 [eVuln] Teca Diary PE SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425892/30/6800/threaded"
},
{
"name": "ADV-2006-0615",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0615"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and possibly earlier versions allows attackers to gain privileges as arbitrary users via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.geeklog.net/article.php/geeklog-1.4.0sr2",
"refsource" : "CONFIRM",
"url" : "http://www.geeklog.net/article.php/geeklog-1.4.0sr2"
},
{
"name" : "17010",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17010"
},
{
"name" : "ADV-2006-0851",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0851"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and possibly earlier versions allows attackers to gain privileges as arbitrary users via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.geeklog.net/article.php/geeklog-1.4.0sr2",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr2"
},
{
"name": "17010",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17010"
},
{
"name": "ADV-2006-0851",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0851"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1162",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hamid.ir/security/nodez.txt",
"refsource" : "MISC",
"url" : "http://hamid.ir/security/nodez.txt"
},
{
"name" : "17066",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17066"
},
{
"name" : "ADV-2006-0899",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0899"
},
{
"name" : "23774",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23774"
},
{
"name" : "1015747",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015747"
},
{
"name" : "19165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19165"
},
{
"name" : "nodez-op-file-include(25119)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25119"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19165"
},
{
"name": "17066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17066"
},
{
"name": "http://hamid.ir/security/nodez.txt",
"refsource": "MISC",
"url": "http://hamid.ir/security/nodez.txt"
},
{
"name": "23774",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23774"
},
{
"name": "ADV-2006-0899",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0899"
},
{
"name": "nodez-op-file-include(25119)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25119"
},
{
"name": "1015747",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015747"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1469",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2006-06-27",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html"
},
{
"name" : "VU#988356",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/988356"
},
{
"name" : "18686",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18686"
},
{
"name" : "18731",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18731"
},
{
"name" : "ADV-2006-2566",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2566"
},
{
"name" : "26931",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26931"
},
{
"name" : "1016394",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016394"
},
{
"name" : "20877",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20877"
},
{
"name" : "macosx-imageio-tiff-bo(27478)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27478"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2006-06-27",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html"
},
{
"name": "18731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18731"
},
{
"name": "18686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18686"
},
{
"name": "VU#988356",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/988356"
},
{
"name": "26931",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26931"
},
{
"name": "macosx-imageio-tiff-bo(27478)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27478"
},
{
"name": "1016394",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016394"
},
{
"name": "20877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20877"
},
{
"name": "ADV-2006-2566",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2566"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1649",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"restore to\" selection in the \"quarantine a file\" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060404 NOD32 local privilege escalation vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429892/100/0/threaded"
},
{
"name" : "17374",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17374"
},
{
"name" : "ADV-2006-1242",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1242"
},
{
"name" : "24393",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24393"
},
{
"name" : "1015867",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015867"
},
{
"name" : "19054",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19054"
},
{
"name" : "672",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/672"
},
{
"name" : "nod32-restoreto-file-upload(25640)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25640"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"restore to\" selection in the \"quarantine a file\" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24393",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24393"
},
{
"name": "1015867",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015867"
},
{
"name": "17374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17374"
},
{
"name": "672",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/672"
},
{
"name": "nod32-restoreto-file-upload(25640)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25640"
},
{
"name": "ADV-2006-1242",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1242"
},
{
"name": "20060404 NOD32 local privilege escalation vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429892/100/0/threaded"
},
{
"name": "19054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19054"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1905",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060418 Remote Xine Format String Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431251/100/0/threaded"
},
{
"name" : "http://open-security.org/advisories/16",
"refsource" : "MISC",
"url" : "http://open-security.org/advisories/16"
},
{
"name" : "http://sourceforge.net/mailarchive/message.php?msg_id=15429845",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/mailarchive/message.php?msg_id=15429845"
},
{
"name" : "GLSA-200604-15",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml"
},
{
"name" : "MDKSA-2006:085",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:085"
},
{
"name" : "SUSE-SA:2006:025",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_05_05.html"
},
{
"name" : "17579",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17579"
},
{
"name" : "ADV-2006-1432",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1432"
},
{
"name" : "24747",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24747"
},
{
"name" : "1015959",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015959"
},
{
"name" : "19671",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19671"
},
{
"name" : "19854",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19854"
},
{
"name" : "20066",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20066"
},
{
"name" : "xine-playlist-format-string(25851)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25851"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200604-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml"
},
{
"name": "http://open-security.org/advisories/16",
"refsource": "MISC",
"url": "http://open-security.org/advisories/16"
},
{
"name": "1015959",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015959"
},
{
"name": "19854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19854"
},
{
"name": "20060418 Remote Xine Format String Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431251/100/0/threaded"
},
{
"name": "19671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19671"
},
{
"name": "ADV-2006-1432",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1432"
},
{
"name": "24747",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24747"
},
{
"name": "17579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17579"
},
{
"name": "MDKSA-2006:085",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:085"
},
{
"name": "20066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20066"
},
{
"name": "SUSE-SA:2006:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_05_05.html"
},
{
"name": "xine-playlist-format-string(25851)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25851"
},
{
"name": "http://sourceforge.net/mailarchive/message.php?msg_id=15429845",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=15429845"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4632",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
},
{
"name" : "http://acid-root.new.fr/advisories/10060904.txt",
"refsource" : "MISC",
"url" : "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name" : "2300",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2300"
},
{
"name" : "ADV-2006-3478",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name" : "28577",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28577"
},
{
"name" : "28578",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28578"
},
{
"name" : "1016785",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016785"
},
{
"name" : "21761",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21761"
},
{
"name" : "1521",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1521"
},
{
"name" : "softbb-addmembre-sql-injection(28747)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28747"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2300",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "28578",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28578"
},
{
"name": "28577",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28577"
},
{
"name": "21761",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21761"
},
{
"name": "ADV-2006-3478",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "1521",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1521"
},
{
"name": "http://acid-root.new.fr/advisories/10060904.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "softbb-addmembre-sql-injection(28747)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28747"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4646",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/82527",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/82527"
},
{
"name" : "19876",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19876"
},
{
"name" : "ADV-2006-3480",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3480"
},
{
"name" : "21779",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21779"
},
{
"name" : "pathauto-drupal-unspecified-xss(28771)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28771"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pathauto-drupal-unspecified-xss(28771)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28771"
},
{
"name": "ADV-2006-3480",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3480"
},
{
"name": "http://drupal.org/node/82527",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/82527"
},
{
"name": "21779",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21779"
},
{
"name": "19876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19876"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4834",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060914 SolpotCrew Advisory #9 - phpQuiz v0.01 design and coding byJule Slootbeek (pagename) Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446039/100/0/threaded"
},
{
"name" : "http://www.nyubicrew.org/adv/solpot-adv-07.txt",
"refsource" : "MISC",
"url" : "http://www.nyubicrew.org/adv/solpot-adv-07.txt"
},
{
"name" : "20019",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20019"
},
{
"name" : "ADV-2006-3611",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3611"
},
{
"name" : "1587",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1587"
},
{
"name" : "phpquiz-index-file-include(28947)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28947"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1587",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1587"
},
{
"name": "phpquiz-index-file-include(28947)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28947"
},
{
"name": "http://www.nyubicrew.org/adv/solpot-adv-07.txt",
"refsource": "MISC",
"url": "http://www.nyubicrew.org/adv/solpot-adv-07.txt"
},
{
"name": "ADV-2006-3611",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3611"
},
{
"name": "20060914 SolpotCrew Advisory #9 - phpQuiz v0.01 design and coding byJule Slootbeek (pagename) Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446039/100/0/threaded"
},
{
"name": "20019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20019"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4905",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060916 [Kurdish Security # 27] Artmedic Links Script Remote File Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446329/100/0/threaded"
},
{
"name" : "http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-27-artmedic-links.html",
"refsource" : "MISC",
"url" : "http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-27-artmedic-links.html"
},
{
"name" : "1016880",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016880"
},
{
"name" : "1600",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1600"
},
{
"name" : "artmedic-link-index-file-include(29013)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29013"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016880",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016880"
},
{
"name": "1600",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1600"
},
{
"name": "artmedic-link-index-file-include(29013)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29013"
},
{
"name": "20060916 [Kurdish Security # 27] Artmedic Links Script Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446329/100/0/threaded"
},
{
"name": "http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-27-artmedic-links.html",
"refsource": "MISC",
"url": "http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-27-artmedic-links.html"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4950",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060920 DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml"
},
{
"name" : "VU#123140",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/123140"
},
{
"name" : "20125",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20125"
},
{
"name" : "oval:org.mitre.oval:def:5665",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5665"
},
{
"name" : "ADV-2006-3722",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3722"
},
{
"name" : "29034",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29034"
},
{
"name" : "1016899",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016899"
},
{
"name" : "21974",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21974"
},
{
"name" : "ios-docsis-default-snmp(29054)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29054"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016899",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016899"
},
{
"name": "ADV-2006-3722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3722"
},
{
"name": "oval:org.mitre.oval:def:5665",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5665"
},
{
"name": "VU#123140",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/123140"
},
{
"name": "20060920 DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml"
},
{
"name": "ios-docsis-default-snmp(29054)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29054"
},
{
"name": "21974",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21974"
},
{
"name": "29034",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29034"
},
{
"name": "20125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20125"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5575",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-5575",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2433",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home.jsp in faces/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RS00133",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1RS00133"
},
{
"name" : "41030",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41030"
},
{
"name" : "40275",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40275"
},
{
"name" : "ibm-wij-multiple-xss(59609)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home.jsp in faces/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41030",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41030"
},
{
"name": "RS00133",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1RS00133"
},
{
"name": "ibm-wij-multiple-xss(59609)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59609"
},
{
"name": "40275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40275"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2525",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2525",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2545",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100722 Cacti XSS fixes in 0.8.7g",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127978954522586&w=2"
},
{
"name" : "[oss-security] 20100726 Re: Cacti XSS fixes in 0.8.7g",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128017203704299&w=2"
},
{
"name" : "http://cacti.net/release_notes_0_8_7g.php",
"refsource" : "CONFIRM",
"url" : "http://cacti.net/release_notes_0_8_7g.php"
},
{
"name" : "http://svn.cacti.net/viewvc?view=rev&revision=6037",
"refsource" : "CONFIRM",
"url" : "http://svn.cacti.net/viewvc?view=rev&revision=6037"
},
{
"name" : "http://svn.cacti.net/viewvc?view=rev&revision=6038",
"refsource" : "CONFIRM",
"url" : "http://svn.cacti.net/viewvc?view=rev&revision=6038"
},
{
"name" : "http://svn.cacti.net/viewvc?view=rev&revision=6041",
"refsource" : "CONFIRM",
"url" : "http://svn.cacti.net/viewvc?view=rev&revision=6041"
},
{
"name" : "http://svn.cacti.net/viewvc?view=rev&revision=6042",
"refsource" : "CONFIRM",
"url" : "http://svn.cacti.net/viewvc?view=rev&revision=6042"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=459229",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=459229"
},
{
"name" : "MDVSA-2010:160",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160"
},
{
"name" : "RHSA-2010:0635",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0635.html"
},
{
"name" : "42575",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42575"
},
{
"name" : "41041",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41041"
},
{
"name" : "ADV-2010-2132",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2132"
},
{
"name" : "cacti-templatesimport-xss(61227)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61227"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6041",
"refsource": "CONFIRM",
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6041"
},
{
"name": "MDVSA-2010:160",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160"
},
{
"name": "42575",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42575"
},
{
"name": "41041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41041"
},
{
"name": "[oss-security] 20100722 Cacti XSS fixes in 0.8.7g",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127978954522586&w=2"
},
{
"name": "RHSA-2010:0635",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html"
},
{
"name": "http://cacti.net/release_notes_0_8_7g.php",
"refsource": "CONFIRM",
"url": "http://cacti.net/release_notes_0_8_7g.php"
},
{
"name": "[oss-security] 20100726 Re: Cacti XSS fixes in 0.8.7g",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128017203704299&w=2"
},
{
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6038",
"refsource": "CONFIRM",
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6038"
},
{
"name": "ADV-2010-2132",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2132"
},
{
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6037",
"refsource": "CONFIRM",
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6037"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=459229",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459229"
},
{
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6042",
"refsource": "CONFIRM",
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6042"
},
{
"name": "cacti-templatesimport-xss(61227)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61227"
}
]
}
}
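Review bot: The `ASSIGNER` value in the CVE-2010-2545 record appears to change from `cve@mitre.org` to `secalert@redhat.com`, while every other difference in this file section is colon spacing and the order of `reference_data` entries. The +/- markers are lost on this page, so the direction is inferred from the spacing style of the two copies and should be confirmed against the raw diff. An assigner change alters the recorded provenance of the entry, so `"ASSIGNER": "secalert@redhat.com"` deserves a mention in the commit description instead of riding along in a bulk reformat. Consumers that key trust or routing decisions on `CVE_data_meta.ASSIGNER` should treat this as a data change rather than a whitespace one.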


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2629",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"name" : "http://www.vsecurity.com/resources/advisory/20100702-1/",
"refsource" : "MISC",
"url" : "http://www.vsecurity.com/resources/advisory/20100702-1/"
},
{
"name" : "41315",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41315"
},
{
"name" : "1024167",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024167"
},
{
"name" : "1024168",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024168"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"name": "1024167",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024167"
},
{
"name": "41315",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41315"
},
{
"name": "http://www.vsecurity.com/resources/advisory/20100702-1/",
"refsource": "MISC",
"url": "http://www.vsecurity.com/resources/advisory/20100702-1/"
},
{
"name": "1024168",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024168"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2684",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14089",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14089"
},
{
"name" : "http://packetstormsecurity.org/1006-exploits/pagedirector-sqladdadmin.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1006-exploits/pagedirector-sqladdadmin.txt"
},
{
"name" : "41184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41184"
},
{
"name" : "65830",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/65830"
},
{
"name" : "40367",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40367"
},
{
"name" : "ADV-2010-1633",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1633"
},
{
"name" : "pagedirector-index-sql-injection(59844)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59844"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41184"
},
{
"name": "http://packetstormsecurity.org/1006-exploits/pagedirector-sqladdadmin.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-exploits/pagedirector-sqladdadmin.txt"
},
{
"name": "pagedirector-index-sql-injection(59844)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59844"
},
{
"name": "ADV-2010-1633",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1633"
},
{
"name": "65830",
"refsource": "OSVDB",
"url": "http://osvdb.org/65830"
},
{
"name": "40367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40367"
},
{
"name": "14089",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14089"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=51070",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=51070"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html"
},
{
"name" : "oval:org.mitre.oval:def:11918",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11918"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11918",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11918"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=51070",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=51070"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3133",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14721",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14721/"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2010-09.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2010-09.html"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2010-10.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2010-10.html"
},
{
"name" : "oval:org.mitre.oval:def:11498",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11498"
},
{
"name" : "41064",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41064"
},
{
"name" : "ADV-2010-2165",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2165"
},
{
"name" : "ADV-2010-2243",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2243"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.wireshark.org/security/wnpa-sec-2010-09.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2010-09.html"
},
{
"name": "14721",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14721/"
},
{
"name": "41064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41064"
},
{
"name": "oval:org.mitre.oval:def:11498",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11498"
},
{
"name": "ADV-2010-2165",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2165"
},
{
"name": "ADV-2010-2243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2243"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2010-10.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2010-10.html"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3329",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/css/P8/documents/100113324",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100113324"
},
{
"name" : "MS10-071",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071"
},
{
"name" : "TA10-285A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name" : "43706",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43706"
},
{
"name" : "oval:org.mitre.oval:def:7482",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7482"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS10-071",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071"
},
{
"name": "oval:org.mitre.oval:def:7482",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7482"
},
{
"name": "43706",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43706"
},
{
"name": "TA10-285A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100113324",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100113324"
}
]
}
}
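Review bot: The `ASSIGNER` value in this record changes from `cve@mitre.org` to `secure@microsoft.com`, a substantive attribution change inside what otherwise reads as a key-spacing reformat with reordered `reference_data` entries. Which side is old and which is new is inferred from the spacing style (`" : "` old, `": "` new), because the page has lost its `+`/`-` markers. The same kind of change appears in the CVE-2010-4423 and CVE-2010-4451 sections (to `secalert_us@oracle.com`) and in the CVE-2011-1595 and CVE-2014-3146 sections (to `secalert@redhat.com`). Consumers that key triage or CNA routing on `ASSIGNER` will see these records move, so the reassignment would be easier to audit if it landed separately from the formatting pass or was named in the commit message.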


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3749",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a \" (double quote) in an argument to the RecordClip method, aka \"parameter injection.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15991",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15991"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-211/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-211/"
},
{
"name" : "http://service.real.com/realplayer/security/10152010_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/10152010_player/en/"
},
{
"name" : "44144",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44144"
},
{
"name" : "44443",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44443"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a \" (double quote) in an argument to the RecordClip method, aka \"parameter injection.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44144"
},
{
"name": "15991",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15991"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-211/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-211/"
},
{
"name": "44443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44443"
},
{
"name": "http://service.real.com/realplayer/security/10152010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/10152010_player/en/"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4423",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Cluster Verify Utility component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-4423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name" : "45859",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45859"
},
{
"name" : "1024972",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024972"
},
{
"name" : "42895",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42895"
},
{
"name" : "ADV-2011-0139",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0139"
},
{
"name" : "oracle-db-cluster-priv-escalation(64756)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64756"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Cluster Verify Utility component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0139",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0139"
},
{
"name": "1024972",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024972"
},
{
"name": "45859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45859"
},
{
"name": "42895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42895"
},
{
"name": "oracle-db-cluster-priv-escalation(64756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64756"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4451",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-4451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"
},
{
"name" : "HPSBMU02797",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "SSRT100867",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "RHSA-2011:0282",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0282.html"
},
{
"name" : "46405",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46405"
},
{
"name" : "oval:org.mitre.oval:def:13942",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13942"
},
{
"name" : "oracle-runtime-http-code-execution(65402)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65402"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "oval:org.mitre.oval:def:13942",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13942"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"
},
{
"name": "46405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46405"
},
{
"name": "RHSA-2011:0282",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html"
},
{
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "oracle-runtime-http-code-execution(65402)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65402"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4510",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4150. Reason: This candidate is a duplicate of CVE-2010-4150. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2010-4150 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-4510",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4150. Reason: This candidate is a duplicate of CVE-2010-4150. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2010-4150 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4653",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4653",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1595",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[rdesktop-announce] 20110418 rdesktop 1.7.0 released",
"refsource" : "MLIST",
"url" : "http://sourceforge.net/mailarchive/message.php?msg_id=27376554"
},
{
"name" : "http://rdesktop.svn.sourceforge.net/viewvc/rdesktop?view=revision&revision=1626",
"refsource" : "CONFIRM",
"url" : "http://rdesktop.svn.sourceforge.net/viewvc/rdesktop?view=revision&revision=1626"
},
{
"name" : "http://sourceforge.net/projects/rdesktop/files/rdesktop/1.7.0/rdesktop-1.7.0.tar.gz/download",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/projects/rdesktop/files/rdesktop/1.7.0/rdesktop-1.7.0.tar.gz/download"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=676252",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=676252"
},
{
"name" : "FEDORA-2011-7688",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061170.html"
},
{
"name" : "FEDORA-2011-7694",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061309.html"
},
{
"name" : "FEDORA-2011-7697",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061316.html"
},
{
"name" : "GLSA-201210-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201210-03.xml"
},
{
"name" : "MDVSA-2011:102",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:102"
},
{
"name" : "RHSA-2011:0506",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2011-0506.html"
},
{
"name" : "USN-1136-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1136-1"
},
{
"name" : "47419",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47419"
},
{
"name" : "1025525",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025525"
},
{
"name" : "44881",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44881"
},
{
"name" : "51023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51023"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1025525",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025525"
},
{
"name": "http://rdesktop.svn.sourceforge.net/viewvc/rdesktop?view=revision&revision=1626",
"refsource": "CONFIRM",
"url": "http://rdesktop.svn.sourceforge.net/viewvc/rdesktop?view=revision&revision=1626"
},
{
"name": "RHSA-2011:0506",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2011-0506.html"
},
{
"name": "MDVSA-2011:102",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:102"
},
{
"name": "47419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47419"
},
{
"name": "FEDORA-2011-7694",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061309.html"
},
{
"name": "FEDORA-2011-7688",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061170.html"
},
{
"name": "51023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51023"
},
{
"name": "GLSA-201210-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201210-03.xml"
},
{
"name": "http://sourceforge.net/projects/rdesktop/files/rdesktop/1.7.0/rdesktop-1.7.0.tar.gz/download",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/rdesktop/files/rdesktop/1.7.0/rdesktop-1.7.0.tar.gz/download"
},
{
"name": "[rdesktop-announce] 20110418 rdesktop 1.7.0 released",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=27376554"
},
{
"name": "44881",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44881"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=676252",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=676252"
},
{
"name": "USN-1136-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1136-1"
},
{
"name": "FEDORA-2011-7697",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061316.html"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5178",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111110 [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2011/Nov/158"
},
{
"name" : "http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss",
"refsource" : "MISC",
"url" : "http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss"
},
{
"name" : "http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg",
"refsource" : "CONFIRM",
"url" : "http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg"
},
{
"name" : "http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg",
"refsource" : "CONFIRM",
"url" : "http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg"
},
{
"name" : "http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg",
"refsource" : "CONFIRM",
"url" : "http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg"
},
{
"name" : "1026319",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026319"
},
{
"name" : "46854",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46854"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46854"
},
{
"name": "http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg",
"refsource": "CONFIRM",
"url": "http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg"
},
{
"name": "20111110 [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2011/Nov/158"
},
{
"name": "http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg",
"refsource": "CONFIRM",
"url": "http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg"
},
{
"name": "http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss"
},
{
"name": "1026319",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026319"
},
{
"name": "http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg",
"refsource": "CONFIRM",
"url": "http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg"
}
]
}
}


@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2014-10057",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile",
"version" : {
"version_data" : [
{
"version_value" : "MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, Snapdragon_High_Med_2016"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, and Snapdragon_High_Med_2016, binary Calibration files under data/misc/audio have 777 permissions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper access control vulnerability in Audio."
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2014-10057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, Snapdragon_High_Med_2016"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, and Snapdragon_High_Med_2016, binary Calibration files under data/misc/audio have 777 permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control vulnerability in Audio."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3146",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140415 lxml (python lib) vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/210"
},
{
"name" : "20140430 Re: lxml (python lib) vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/319"
},
{
"name" : "[lxml] 20140415 lxml.html.clean vulnerability",
"refsource" : "MLIST",
"url" : "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html"
},
{
"name" : "[oss-security] 20140509 Re: CVE request: python-lxml clean_html() input sanitization flaw",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/09/7"
},
{
"name" : "http://lxml.de/3.3/changes-3.3.5.html",
"refsource" : "CONFIRM",
"url" : "http://lxml.de/3.3/changes-3.3.5.html"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0218.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0218.html"
},
{
"name" : "DSA-2941",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2941"
},
{
"name" : "MDVSA-2015:112",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:112"
},
{
"name" : "openSUSE-SU-2014:0735",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html"
},
{
"name" : "USN-2217-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2217-1"
},
{
"name" : "67159",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67159"
},
{
"name" : "58013",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58013"
},
{
"name" : "58744",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58744"
},
{
"name" : "59008",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59008"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2941",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2941"
},
{
"name": "http://lxml.de/3.3/changes-3.3.5.html",
"refsource": "CONFIRM",
"url": "http://lxml.de/3.3/changes-3.3.5.html"
},
{
"name": "[oss-security] 20140509 Re: CVE request: python-lxml clean_html() input sanitization flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/09/7"
},
{
"name": "USN-2217-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2217-1"
},
{
"name": "[lxml] 20140415 lxml.html.clean vulnerability",
"refsource": "MLIST",
"url": "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html"
},
{
"name": "58744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58744"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0218.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0218.html"
},
{
"name": "67159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67159"
},
{
"name": "MDVSA-2015:112",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:112"
},
{
"name": "58013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58013"
},
{
"name": "20140415 lxml (python lib) vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/210"
},
{
"name": "59008",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59008"
},
{
"name": "openSUSE-SU-2014:0735",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html"
},
{
"name": "20140430 Re: lxml (python lib) vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/319"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3163",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3163",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3328",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140725 Cisco Unified Presence Server Sync Agent Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328"
},
{
"name" : "68901",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68901"
},
{
"name" : "1030643",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030643"
},
{
"name" : "cisco-ups-cve20143328-dos(94879)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94879"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68901"
},
{
"name": "20140725 Cisco Unified Presence Server Sync Agent Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328"
},
{
"name": "1030643",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030643"
},
{
"name": "cisco-ups-cve20143328-dos(94879)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94879"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8164",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8164",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8253",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8253",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8367",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.arubanetworks.com/support/alerts/aid-11192014.txt",
"refsource" : "CONFIRM",
"url" : "http://www.arubanetworks.com/support/alerts/aid-11192014.txt"
},
{
"name" : "62602",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62602"
},
{
"name" : "clearpass-cve20148367-sql-injection(98870)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98870"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.arubanetworks.com/support/alerts/aid-11192014.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/support/alerts/aid-11192014.txt"
},
{
"name": "62602",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62602"
},
{
"name": "clearpass-cve20148367-sql-injection(98870)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98870"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9470",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9470",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2326",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2"
},
{
"name" : "DSA-3506",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3506"
},
{
"name" : "GLSA-201606-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201606-09"
},
{
"name" : "GLSA-201705-08",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-08"
},
{
"name" : "USN-2944-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2944-1"
},
{
"name" : "84165",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84165"
},
{
"name" : "1035010",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035010"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "84165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84165"
},
{
"name": "GLSA-201705-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-08"
},
{
"name": "USN-2944-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2944-1"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2"
},
{
"name": "DSA-3506",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3506"
},
{
"name": "1035010",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035010"
},
{
"name": "GLSA-201606-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-09"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2334",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html",
"refsource" : "MISC",
"url" : "http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html"
},
{
"name" : "http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html",
"refsource" : "MISC",
"url" : "http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html"
},
{
"name" : "http://www.talosintel.com/reports/TALOS-2016-0093/",
"refsource" : "MISC",
"url" : "http://www.talosintel.com/reports/TALOS-2016-0093/"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
},
{
"name" : "FEDORA-2016-430bc0f808",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT/"
},
{
"name" : "FEDORA-2016-bbcb0e4eb4",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR/"
},
{
"name" : "GLSA-201701-27",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-27"
},
{
"name" : "90531",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90531"
},
{
"name" : "1035876",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035876"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-bbcb0e4eb4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR/"
},
{
"name": "http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html",
"refsource": "MISC",
"url": "http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html"
},
{
"name": "http://www.talosintel.com/reports/TALOS-2016-0093/",
"refsource": "MISC",
"url": "http://www.talosintel.com/reports/TALOS-2016-0093/"
},
{
"name": "http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html",
"refsource": "MISC",
"url": "http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html"
},
{
"name": "90531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90531"
},
{
"name": "GLSA-201701-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-27"
},
{
"name": "1035876",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035876"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
},
{
"name": "FEDORA-2016-430bc0f808",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT/"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2413",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-04-02.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-04-02.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48"
},
{
"name": "http://source.android.com/security/bulletin/2016-04-02.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-04-02.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2581",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2581",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2704",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2704",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6258",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.citrix.com/article/CTX214954",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX214954"
},
{
"name" : "http://xenbits.xen.org/xsa/advisory-182.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-182.html"
},
{
"name" : "http://xenbits.xen.org/xsa/xsa182-4.5.patch",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/xsa182-4.5.patch"
},
{
"name" : "http://xenbits.xen.org/xsa/xsa182-4.6.patch",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/xsa182-4.6.patch"
},
{
"name" : "http://xenbits.xen.org/xsa/xsa182-unstable.patch",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/xsa182-unstable.patch"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name" : "DSA-3633",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3633"
},
{
"name" : "GLSA-201611-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-09"
},
{
"name" : "92131",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92131"
},
{
"name" : "1036446",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036446"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-182.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-182.html"
},
{
"name": "http://xenbits.xen.org/xsa/xsa182-4.6.patch",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/xsa182-4.6.patch"
},
{
"name": "http://support.citrix.com/article/CTX214954",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX214954"
},
{
"name": "GLSA-201611-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-09"
},
{
"name": "http://xenbits.xen.org/xsa/xsa182-unstable.patch",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/xsa182-unstable.patch"
},
{
"name": "http://xenbits.xen.org/xsa/xsa182-4.5.patch",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/xsa182-4.5.patch"
},
{
"name": "DSA-3633",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3633"
},
{
"name": "1036446",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036446"
},
{
"name": "92131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92131"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6261",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[help-libidn] 20150709 out of bounds stack read in function idna_to_ascii_4i",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html"
},
{
"name" : "[help-libidn] 20160720 Libidn 1.33 released",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name" : "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name" : "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name" : "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d"
},
{
"name" : "DSA-3658",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3658"
},
{
"name" : "openSUSE-SU-2016:2135",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name" : "USN-3068-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name" : "92070",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92070"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "92070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"name": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name": "USN-3068-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[help-libidn] 20150709 out of bounds stack read in function idna_to_ascii_4i",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html"
}
]
}
}
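Review bot: The `reference_data` array for CVE-2016-6261 holds the same nine entries on both sides but in a different order on the side written with `": "` separators (apparently the new side), and no sort key is evident in the new order. In a vulnerability feed this makes the sync diff hard to audit, because a changed or substituted `url` would look the same as reorder noise across the 53 files. Emitting references in a stable order (for example sorted by `url`) and keeping the top-level key order fixed would leave only real content changes in later sync diffs. The CVE-2016-7858 and CVE-2017-5938 sections show the same reshuffle, and the CVE-2016-7750 section also moves `data_type` ahead of `CVE_data_meta`.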


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-6454",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Hosted Collaboration Mediation Fulfillment before 11.5(0.98000.216)",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Hosted Collaboration Mediation Fulfillment before 11.5(0.98000.216)"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(0.98000.216)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Hosted Collaboration Mediation Fulfillment before 11.5(0.98000.216)",
"version": {
"version_data": [
{
"version_value": "Cisco Hosted Collaboration Mediation Fulfillment before 11.5(0.98000.216)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-hcmf",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-hcmf"
},
{
"name" : "93916",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93916"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(0.98000.216)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-hcmf",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-hcmf"
},
{
"name": "93916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93916"
}
]
}
}
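Review bot: The `affects` block for CVE-2016-6454 is not machine-matchable: `vendor_name` is `n/a`, and `product_name` and `version_value` both hold the same free-text string `Cisco Hosted Collaboration Mediation Fulfillment before 11.5(0.98000.216)`. A scanner keyed on vendor, product and version would never match this record, although the description states the affected and fixed releases. Splitting the fields, e.g. `"vendor_name": "Cisco"`, `"product_name": "Hosted Collaboration Mediation Fulfillment"`, `"version_value": "before 11.5(0.98000.216)"`, would fix that. The `problemtype` value `unspecified` could likewise name the CSRF class the description gives. The CVE-2016-7858 section has the same vendor `n/a` and duplicated product/version string; since these files are synchronized data, the correction probably belongs with the assigning CNA.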


@ -1,94 +1,94 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6541",
"STATE" : "PUBLIC",
"TITLE" : "TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Bravo Mobile Application",
"version" : {
"version_data" : [
{
"affected" : "!",
"platform" : "iOS",
"version_value" : "5.1.6"
},
{
"affected" : "!",
"platform" : "Android",
"version_value" : "2.2.5"
}
]
}
}
]
},
"vendor_name" : "TrackR"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-306: Missing Authentication for Critical Function"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6541",
"STATE": "PUBLIC",
"TITLE": "TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bravo Mobile Application",
"version": {
"version_data": [
{
"affected": "!",
"platform": "iOS",
"version_value": "5.1.6"
},
{
"affected": "!",
"platform": "Android",
"version_value": "2.2.5"
}
]
}
}
]
},
"vendor_name": "TrackR"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name" : "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ",
"refsource" : "MISC",
"url" : "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ"
},
{
"name" : "VU#617567",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/617567"
},
{
"name" : "93874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93874"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93874"
},
{
"name": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ"
},
{
"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "VU#617567",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/617567"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
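Review bot: Both `version_data` entries for CVE-2016-6541 carry `"affected": "!"` with the releases the description names as the fixes (5.1.6 for iOS, 2.2.5 for Android), and no entry describes an affected range. If `!` has its usual "not affected" meaning in this format, a consumer that evaluates `affects` will find only unaffected versions and never flag a vulnerable install. Adding a companion entry per platform, such as `"affected": "<", "platform": "iOS", "version_value": "5.1.6"`, would state the vulnerable range explicitly; the exact operator should be confirmed against the schema in use. The record also lists only the mobile application as the product, while the title and description attribute the unauthenticated pairing to the TrackR Bravo device itself.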


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6590",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6590",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7096",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7096",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7605",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207423",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207423"
},
{
"name" : "94903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94903"
},
{
"name" : "1037469",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7750",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7750",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2016-7858",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use after free"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-7858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-595",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-595"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html"
},
{
"name" : "GLSA-201611-18",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-18"
},
{
"name" : "MS16-141",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141"
},
{
"name" : "RHSA-2016:2676",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2676.html"
},
{
"name" : "94153",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94153"
},
{
"name" : "1037240",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037240"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-141",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html"
},
{
"name": "94153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94153"
},
{
"name": "RHSA-2016:2676",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2676.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-595",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-595"
},
{
"name": "1037240",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037240"
},
{
"name": "GLSA-201611-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-18"
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2016-12-15T00:00:00",
"ID" : "CVE-2017-5787",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Version Control Repository Manager (VCRM)",
"version" : {
"version_data" : [
{
"version_value" : "prior to 7.6"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote denial of service vulnerability in HPE Version Control Repository Manager (VCRM) in all versions prior to 7.6 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2016-12-15T00:00:00",
"ID": "CVE-2017-5787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Version Control Repository Manager (VCRM)",
"version": {
"version_data": [
{
"version_value": "prior to 7.6"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name" : "96395",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96395"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote denial of service vulnerability in HPE Version Control Repository Manager (VCRM) in all versions prior to 7.6 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "96395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96395"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5938",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170208 Re: CVE request: XSS in viewvc",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/09/6"
},
{
"name" : "https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad",
"refsource" : "CONFIRM",
"url" : "https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad"
},
{
"name" : "https://github.com/viewvc/viewvc/issues/137",
"refsource" : "CONFIRM",
"url" : "https://github.com/viewvc/viewvc/issues/137"
},
{
"name" : "https://github.com/viewvc/viewvc/releases/tag/1.0.14",
"refsource" : "CONFIRM",
"url" : "https://github.com/viewvc/viewvc/releases/tag/1.0.14"
},
{
"name" : "https://github.com/viewvc/viewvc/releases/tag/1.1.26",
"refsource" : "CONFIRM",
"url" : "https://github.com/viewvc/viewvc/releases/tag/1.1.26"
},
{
"name" : "DSA-3784",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3784"
},
{
"name" : "openSUSE-SU-2017:0501",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2017-02/msg00082.html"
},
{
"name" : "96185",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96185"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/viewvc/viewvc/releases/tag/1.0.14",
"refsource": "CONFIRM",
"url": "https://github.com/viewvc/viewvc/releases/tag/1.0.14"
},
{
"name": "https://github.com/viewvc/viewvc/issues/137",
"refsource": "CONFIRM",
"url": "https://github.com/viewvc/viewvc/issues/137"
},
{
"name": "96185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96185"
},
{
"name": "https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad",
"refsource": "CONFIRM",
"url": "https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad"
},
{
"name": "https://github.com/viewvc/viewvc/releases/tag/1.1.26",
"refsource": "CONFIRM",
"url": "https://github.com/viewvc/viewvc/releases/tag/1.1.26"
},
{
"name": "[oss-security] 20170208 Re: CVE request: XSS in viewvc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/09/6"
},
{
"name": "DSA-3784",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3784"
},
{
"name": "openSUSE-SU-2017:0501",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00082.html"
}
]
}
}