"-Synchronized-Data."

CVE Team 2019-03-18 05:15:11 +00:00
parent ba66324bd3
commit 779be6ccf6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 4657 additions and 4657 deletions


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0590",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060204 [KAPDA::#26] - MyTopix Sql Injection & Path Disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423950/100/0/threaded"
},
{
"name" : "http://kapda.ir/advisory-249.html",
"refsource" : "MISC",
"url" : "http://kapda.ir/advisory-249.html"
},
{
"name" : "413",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/413"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "413",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/413"
},
{
"name": "20060204 [KAPDA::#26] - MyTopix Sql Injection & Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423950/100/0/threaded"
},
{
"name": "http://kapda.ir/advisory-249.html",
"refsource": "MISC",
"url": "http://kapda.ir/advisory-249.html"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1212",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which does not appear to use a \"page\" parameter or variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060309 CoreNews 2.0.1 Remote Command Exucetion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427387/100/0/threaded"
},
{
"name" : "http://web.archive.org/web/20050323212004/www.coreslawn.de/?show=downloads&cat_id=1",
"refsource" : "MISC",
"url" : "http://web.archive.org/web/20050323212004/www.coreslawn.de/?show=downloads&cat_id=1"
},
{
"name" : "20060313 Oddness - CoreNews 2.0.1 Remote Command Exucetion",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2006-March/000602.html"
},
{
"name" : "17067",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17067"
},
{
"name" : "24080",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24080"
},
{
"name" : "754",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/754"
},
{
"name" : "corenews-index-command-execution(25180)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25180"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which does not appear to use a \"page\" parameter or variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://web.archive.org/web/20050323212004/www.coreslawn.de/?show=downloads&cat_id=1",
"refsource": "MISC",
"url": "http://web.archive.org/web/20050323212004/www.coreslawn.de/?show=downloads&cat_id=1"
},
{
"name": "754",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/754"
},
{
"name": "corenews-index-command-execution(25180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25180"
},
{
"name": "20060309 CoreNews 2.0.1 Remote Command Exucetion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427387/100/0/threaded"
},
{
"name": "17067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17067"
},
{
"name": "24080",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24080"
},
{
"name": "20060313 Oddness - CoreNews 2.0.1 Remote Command Exucetion",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-March/000602.html"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060312 WMNews Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427479/100/0/threaded"
},
{
"name" : "http://biyosecurity.be/bugs/wmnews.txt",
"refsource" : "MISC",
"url" : "http://biyosecurity.be/bugs/wmnews.txt"
},
{
"name" : "17076",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17076"
},
{
"name" : "ADV-2006-0939",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0939"
},
{
"name" : "23840",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23840"
},
{
"name" : "23841",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23841"
},
{
"name" : "23842",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23842"
},
{
"name" : "19204",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19204"
},
{
"name" : "wmnews-multiple-scripts-xss(25210)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25210"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23840",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23840"
},
{
"name": "http://biyosecurity.be/bugs/wmnews.txt",
"refsource": "MISC",
"url": "http://biyosecurity.be/bugs/wmnews.txt"
},
{
"name": "23842",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23842"
},
{
"name": "23841",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23841"
},
{
"name": "19204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19204"
},
{
"name": "17076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17076"
},
{
"name": "ADV-2006-0939",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0939"
},
{
"name": "20060312 WMNews Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427479/100/0/threaded"
},
{
"name": "wmnews-multiple-scripts-xss(25210)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25210"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1441",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2006-05-11",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name" : "TA06-132A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name" : "17951",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17951"
},
{
"name" : "ADV-2006-1779",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name" : "25585",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25585"
},
{
"name" : "1016082",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016082"
},
{
"name" : "20077",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20077"
},
{
"name" : "macos-cfnetwork-chunked-overlow(26406)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26406"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "ADV-2006-1779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name": "1016082",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016082"
},
{
"name": "APPLE-SA-2006-05-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "20077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20077"
},
{
"name": "macos-cfnetwork-chunked-overlow(26406)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26406"
},
{
"name": "25585",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25585"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5068",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in admin/index.php in Brudaswen (1) BrudaNews 1.1 and earlier and (2) BrudaGB 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the o parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2432",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2432"
},
{
"name" : "2433",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2433"
},
{
"name" : "20192",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20192"
},
{
"name" : "ADV-2006-3773",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3773"
},
{
"name" : "29176",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29176"
},
{
"name" : "22115",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22115"
},
{
"name" : "brudagb-index-file-include(29141)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29141"
},
{
"name" : "brudanews-index-file-include(29142)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29142"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in admin/index.php in Brudaswen (1) BrudaNews 1.1 and earlier and (2) BrudaGB 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the o parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "brudagb-index-file-include(29141)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29141"
},
{
"name": "2432",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2432"
},
{
"name": "22115",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22115"
},
{
"name": "ADV-2006-3773",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3773"
},
{
"name": "29176",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29176"
},
{
"name": "brudanews-index-file-include(29142)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29142"
},
{
"name": "2433",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2433"
},
{
"name": "20192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20192"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5337",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 has unknown impact and remote authenticated attack vectors, aka Vuln# DB09."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061018 Analysis of the Oracle October 2006 Critical Patch Update",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449110/100/0/threaded"
},
{
"name" : "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf",
"refsource" : "MISC",
"url" : "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name" : "TA06-291A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
},
{
"name" : "20588",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20588"
},
{
"name" : "ADV-2006-4065",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4065"
},
{
"name" : "1017077",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017077"
},
{
"name" : "22396",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22396"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 has unknown impact and remote authenticated attack vectors, aka Vuln# DB09."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
},
{
"name": "20588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20588"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html"
},
{
"name": "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf",
"refsource": "MISC",
"url": "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf"
},
{
"name": "20061018 Analysis of the Oracle October 2006 Critical Patch Update",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449110/100/0/threaded"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name": "ADV-2006-4065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4065"
},
{
"name": "22396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22396"
},
{
"name": "1017077",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017077"
},
{
"name": "TA06-291A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5563",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061025 Re: Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449667/100/0/threaded"
},
{
"name" : "20061024 Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0518.html"
},
{
"name" : "20061026 Re: Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0566.html"
},
{
"name" : "20625",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20625"
},
{
"name" : "ADV-2006-4193",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4193"
},
{
"name" : "22510",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22510"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061026 Re: Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0566.html"
},
{
"name": "22510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22510"
},
{
"name": "20625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20625"
},
{
"name": "20061024 Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0518.html"
},
{
"name": "ADV-2006-4193",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4193"
},
{
"name": "20061025 Re: Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449667/100/0/threaded"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2437",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.rapid7.com/advisories/R7-0027.jsp",
"refsource" : "MISC",
"url" : "http://www.rapid7.com/advisories/R7-0027.jsp"
},
{
"name" : "102901",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102901-1"
},
{
"name" : "200067",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200067-1"
},
{
"name" : "23741",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23741"
},
{
"name" : "ADV-2007-1601",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1601"
},
{
"name" : "ADV-2007-1658",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1658"
},
{
"name" : "34905",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34905"
},
{
"name" : "1017984",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017984"
},
{
"name" : "25121",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25121"
},
{
"name" : "xorg-xrender-dos(33976)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33976"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.rapid7.com/advisories/R7-0027.jsp",
"refsource": "MISC",
"url": "http://www.rapid7.com/advisories/R7-0027.jsp"
},
{
"name": "ADV-2007-1658",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1658"
},
{
"name": "ADV-2007-1601",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1601"
},
{
"name": "34905",
"refsource": "OSVDB",
"url": "http://osvdb.org/34905"
},
{
"name": "1017984",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017984"
},
{
"name": "25121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25121"
},
{
"name": "xorg-xrender-dos(33976)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33976"
},
{
"name": "23741",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23741"
},
{
"name": "200067",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200067-1"
},
{
"name": "102901",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102901-1"
}
]
}
}


@ -1,347 +1,347 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
},
{
"name" : "http://scary.beasts.org/security/CESA-2006-004.html",
"refsource" : "MISC",
"url" : "http://scary.beasts.org/security/CESA-2006-004.html"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=307177",
"refsource" : "MISC",
"url" : "http://docs.info.apple.com/article.html?artnum=307177"
},
{
"name" : "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html"
},
{
"name" : "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html"
},
{
"name" : "APPLE-SA-2007-12-14",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
},
{
"name" : "BEA07-177.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/248"
},
{
"name" : "GLSA-200705-23",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml"
},
{
"name" : "GLSA-200706-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200706-08.xml"
},
{
"name" : "GLSA-200709-15",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
},
{
"name" : "GLSA-200804-20",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
},
{
"name" : "GLSA-200804-28",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200804-28.xml"
},
{
"name" : "GLSA-200806-11",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
},
{
"name" : "RHSA-2007:0829",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
},
{
"name" : "RHSA-2007:0956",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
},
{
"name" : "RHSA-2007:1086",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
},
{
"name" : "RHSA-2007:0817",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0817.html"
},
{
"name" : "RHSA-2008:0100",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
},
{
"name" : "RHSA-2008:0261",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name" : "RHSA-2008:0133",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0133.html"
},
{
"name" : "102934",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1"
},
{
"name" : "200856",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1"
},
{
"name" : "SUSE-SA:2007:045",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_45_java.html"
},
{
"name" : "SUSE-SA:2007:056",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html"
},
{
"name" : "VU#138545",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/138545"
},
{
"name" : "20070703 Sun JDK Confusion",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-July/001696.html"
},
{
"name" : "20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-July/001697.html"
},
{
"name" : "20070711 Sun JDK Confusion",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-July/001708.html"
},
{
"name" : "20071218 Sun JDK Confusion Revisited",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-December/001862.html"
},
{
"name" : "24004",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24004"
},
{
"name" : "24267",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24267"
},
{
"name" : "oval:org.mitre.oval:def:11700",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700"
},
{
"name" : "ADV-2007-1836",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1836"
},
{
"name" : "ADV-2007-3009",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3009"
},
{
"name" : "ADV-2007-4224",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4224"
},
{
"name" : "ADV-2008-0065",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0065"
},
{
"name" : "1018182",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018182"
},
{
"name" : "25295",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25295"
},
{
"name" : "25474",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25474"
},
{
"name" : "25832",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25832"
},
{
"name" : "26049",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26049"
},
{
"name" : "26119",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26119"
},
{
"name" : "26369",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26369"
},
{
"name" : "26933",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26933"
},
{
"name" : "27203",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27203"
},
{
"name" : "27266",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27266"
},
{
"name" : "26645",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26645"
},
{
"name" : "28056",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28056"
},
{
"name" : "26311",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26311"
},
{
"name" : "26631",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26631"
},
{
"name" : "28115",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28115"
},
{
"name" : "28365",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28365"
},
{
"name" : "29340",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29340"
},
{
"name" : "29858",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29858"
},
{
"name" : "30780",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30780"
},
{
"name" : "30805",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30805"
},
{
"name" : "sunjava-iccprofile-overflow(34318)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34318"
},
{
"name" : "sun-java-image-bo(34652)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34652"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26933",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26933"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307177",
"refsource": "MISC",
"url": "http://docs.info.apple.com/article.html?artnum=307177"
},
{
"name": "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
},
{
"name": "26049",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26049"
},
{
"name": "BEA07-177.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/248"
},
{
"name": "26311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26311"
},
{
"name": "20070703 Sun JDK Confusion",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-July/001696.html"
},
{
"name": "sun-java-image-bo(34652)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34652"
},
{
"name": "200856",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1"
},
{
"name": "http://scary.beasts.org/security/CESA-2006-004.html",
"refsource": "MISC",
"url": "http://scary.beasts.org/security/CESA-2006-004.html"
},
{
"name": "30805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30805"
},
{
"name": "ADV-2008-0065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0065"
},
{
"name": "sunjava-iccprofile-overflow(34318)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34318"
},
{
"name": "VU#138545",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/138545"
},
{
"name": "GLSA-200705-23",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml"
},
{
"name": "24004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24004"
},
{
"name": "20071218 Sun JDK Confusion Revisited",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-December/001862.html"
},
{
"name": "26369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26369"
},
{
"name": "GLSA-200804-28",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
},
{
"name": "102934",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1"
},
{
"name": "28056",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28056"
},
{
"name": "29858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29858"
},
{
"name": "SUSE-SA:2007:045",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_45_java.html"
},
{
"name": "ADV-2007-1836",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1836"
},
{
"name": "APPLE-SA-2007-12-14",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
},
{
"name": "RHSA-2008:0100",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
},
{
"name": "RHSA-2007:0956",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
},
{
"name": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html"
},
{
"name": "RHSA-2007:0817",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html"
},
{
"name": "26645",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26645"
},
{
"name": "26119",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26119"
},
{
"name": "28365",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28365"
},
{
"name": "24267",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24267"
},
{
"name": "25832",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25832"
},
{
"name": "ADV-2007-4224",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4224"
},
{
"name": "GLSA-200706-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200706-08.xml"
},
{
"name": "30780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30780"
},
{
"name": "25295",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25295"
},
{
"name": "ADV-2007-3009",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3009"
},
{
"name": "27266",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27266"
},
{
"name": "SUSE-SA:2007:056",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html"
},
{
"name": "20070711 Sun JDK Confusion",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-July/001708.html"
},
{
"name": "GLSA-200709-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
},
{
"name": "28115",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28115"
},
{
"name": "1018182",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018182"
},
{
"name": "RHSA-2008:0261",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name": "29340",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29340"
},
{
"name": "25474",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25474"
},
{
"name": "RHSA-2007:1086",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
},
{
"name": "27203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27203"
},
{
"name": "20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-July/001697.html"
},
{
"name": "GLSA-200804-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
},
{
"name": "GLSA-200806-11",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
},
{
"name": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html"
},
{
"name": "RHSA-2007:0829",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
},
{
"name": "26631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26631"
},
{
"name": "oval:org.mitre.oval:def:11700",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700"
},
{
"name": "RHSA-2008:0133",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2800",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070627 eTicket version 1.5.5 Path Disclosure Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/472431/100/0/threaded"
},
{
"name" : "20070627 eTicket version 1.5.5 Path Disclosure",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=118297850220633&w=2"
},
{
"name" : "http://www.netvigilance.com/advisory0030",
"refsource" : "MISC",
"url" : "http://www.netvigilance.com/advisory0030"
},
{
"name" : "34785",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/34785"
},
{
"name" : "eticket-index-path-disclosure(35122)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35122"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.netvigilance.com/advisory0030",
"refsource": "MISC",
"url": "http://www.netvigilance.com/advisory0030"
},
{
"name": "20070627 eTicket version 1.5.5 Path Disclosure",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=118297850220633&w=2"
},
{
"name": "eticket-index-path-disclosure(35122)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35122"
},
{
"name": "20070627 eTicket version 1.5.5 Path Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472431/100/0/threaded"
},
{
"name": "34785",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34785"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2896",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24a.html",
"refsource" : "CONFIRM",
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24a.html"
},
{
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24b.html",
"refsource" : "CONFIRM",
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24b.html"
},
{
"name" : "24123",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24123"
},
{
"name" : "ADV-2007-1940",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1940"
},
{
"name" : "35077",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35077"
},
{
"name" : "1018120",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018120"
},
{
"name" : "25390",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25390"
},
{
"name" : "symantec-esm-dos(34507)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34507"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24b.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24b.html"
},
{
"name": "1018120",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018120"
},
{
"name": "ADV-2007-1940",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1940"
},
{
"name": "24123",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24123"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24a.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24a.html"
},
{
"name": "25390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25390"
},
{
"name": "symantec-esm-dos(34507)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34507"
},
{
"name": "35077",
"refsource": "OSVDB",
"url": "http://osvdb.org/35077"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2920",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-2920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#174177",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/174177"
},
{
"name" : "24421",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24421"
},
{
"name" : "ADV-2007-2142",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2142"
},
{
"name" : "37207",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37207"
},
{
"name" : "25625",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25625"
},
{
"name" : "zoomifyviewer-zactivex-bo(34825)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34825"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "zoomifyviewer-zactivex-bo(34825)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34825"
},
{
"name": "ADV-2007-2142",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2142"
},
{
"name": "25625",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25625"
},
{
"name": "37207",
"refsource": "OSVDB",
"url": "http://osvdb.org/37207"
},
{
"name": "24421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24421"
},
{
"name": "VU#174177",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/174177"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0172",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-15.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-15.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=537862",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=537862"
},
{
"name" : "MDVSA-2010:070",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070"
},
{
"name" : "38918",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38918"
},
{
"name" : "oval:org.mitre.oval:def:8281",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281"
},
{
"name" : "ADV-2010-0692",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0692"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38918"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-15.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-15.html"
},
{
"name": "oval:org.mitre.oval:def:8281",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281"
},
{
"name": "MDVSA-2010:070",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070"
},
{
"name": "ADV-2010-0692",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0692"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=537862",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=537862"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0355",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0355",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0909",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-0909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect confidentiality via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1515",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction with a /admin/multimedia/set/list PATH_INFO; the (4) keyword or (5) fileId parameter in conjunction with a /admin/multimedia/file/list PATH_INFO; or the (6) name, (7) email, or (8) address parameter in conjunction with a /admin/ad/client/list PATH_INFO."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-1515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://holisticinfosec.org/content/view/148/45/",
"refsource" : "MISC",
"url" : "http://holisticinfosec.org/content/view/148/45/"
},
{
"name" : "http://secunia.com/secunia_research/2010-58/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-58/"
},
{
"name" : "40544",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40544"
},
{
"name" : "39680",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39680"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction with a /admin/multimedia/set/list PATH_INFO; the (4) keyword or (5) fileId parameter in conjunction with a /admin/multimedia/file/list PATH_INFO; or the (6) name, (7) email, or (8) address parameter in conjunction with a /admin/ad/client/list PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39680"
},
{
"name": "40544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40544"
},
{
"name": "http://secunia.com/secunia_research/2010-58/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-58/"
},
{
"name": "http://holisticinfosec.org/content/view/148/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/148/45/"
}
]
}
}
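Review bot: The `ASSIGNER` change in this record is hard to audit because it sits inside a whole-file rewrite of the key/value separator (`" : "` to `": "`) and a reshuffle of `reference_data`, so the 77/77 hunk hides which fields actually changed. Judging by print order and separator style, the compact copy is the new side, and the only value that differs is `"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",` replacing `cve@mitre.org`. The four reference entries appear to be the same set in a different order. Since the assigner is provenance data that consumers may key trust decisions on, I would land the separator normalisation separately so this shows as a one-line change, or have consumers compare parsed JSON rather than text. The same pattern shows in the CVE-2010-3588, CVE-2010-4339, CVE-2010-4646, CVE-2014-0394 and CVE-2014-0774 sections.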


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3059",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and possibly have other impact, via an unspecified command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21443820",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21443820"
},
{
"name" : "IC69883",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883"
},
{
"name" : "42549",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42549"
},
{
"name" : "41044",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41044"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and possibly have other impact, via an unspecified command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21443820",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21443820"
},
{
"name": "41044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41044"
},
{
"name": "IC69883",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883"
},
{
"name": "42549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42549"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3588",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 10.1.2.3, 11.1.1.2.0, and 11.1.1.3.0 allows remote authenticated users to affect confidentiality and integrity, related to EUL Code & Schema."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name" : "45858",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45858"
},
{
"name" : "1024981",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024981"
},
{
"name" : "42994",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42994"
},
{
"name" : "ADV-2011-0143",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0143"
},
{
"name" : "oracle-discoverer-eul-unauth-access(64774)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64774"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 10.1.2.3, 11.1.1.2.0, and 11.1.1.3.0 allows remote authenticated users to affect confidentiality and integrity, related to EUL Code & Schema."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0143",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0143"
},
{
"name": "42994",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42994"
},
{
"name": "1024981",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024981"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "45858",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45858"
},
{
"name": "oracle-discoverer-eul-unauth-access(64774)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64774"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100629 [0day] Microsoft mshtml.dll CTimeoutEventList::InsertIntoTimeoutList memory leak",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-06/0259.html"
},
{
"name" : "http://twitter.com/WisecWisec/statuses/17254776077",
"refsource" : "MISC",
"url" : "http://twitter.com/WisecWisec/statuses/17254776077"
},
{
"name" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100630",
"refsource" : "MISC",
"url" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100630"
},
{
"name" : "oval:org.mitre.oval:def:11606",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11606"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100629 [0day] Microsoft mshtml.dll CTimeoutEventList::InsertIntoTimeoutList memory leak",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-06/0259.html"
},
{
"name": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100630",
"refsource": "MISC",
"url": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100630"
},
{
"name": "http://twitter.com/WisecWisec/statuses/17254776077",
"refsource": "MISC",
"url": "http://twitter.com/WisecWisec/statuses/17254776077"
},
{
"name": "oval:org.mitre.oval:def:11606",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11606"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4228",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=25&Itemid=25",
"refsource" : "MISC",
"url" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=25&Itemid=25"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-106/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-106/"
},
{
"name" : "http://www.novell.com/support/viewContent.do?externalId=3238588",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/viewContent.do?externalId=3238588"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=641249",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=641249"
},
{
"name" : "46922",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46922"
},
{
"name" : "43824",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43824"
},
{
"name" : "8149",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8149"
},
{
"name" : "netware-dele-bo(66170)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66170"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=25&Itemid=25",
"refsource": "MISC",
"url": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=25&Itemid=25"
},
{
"name": "43824",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43824"
},
{
"name": "8149",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8149"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=641249",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=641249"
},
{
"name": "46922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46922"
},
{
"name": "netware-dele-bo(66170)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66170"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-106/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-106/"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=3238588",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=3238588"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4331",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b) controllers/settings.ctrl.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110115 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/515768/100/0/threaded"
},
{
"name" : "16000",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/16000"
},
{
"name" : "http://www.uncompiled.com/2011/01/seo-panel-cookie-rendered-persistent-xss-vulnerability-cve-2010-4331/",
"refsource" : "MISC",
"url" : "http://www.uncompiled.com/2011/01/seo-panel-cookie-rendered-persistent-xss-vulnerability-cve-2010-4331/"
},
{
"name" : "45828",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45828"
},
{
"name" : "seopanel-sponsors-xss(64725)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64725"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b) controllers/settings.ctrl.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "seopanel-sponsors-xss(64725)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64725"
},
{
"name": "45828",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45828"
},
{
"name": "http://www.uncompiled.com/2011/01/seo-panel-cookie-rendered-persistent-xss-vulnerability-cve-2010-4331/",
"refsource": "MISC",
"url": "http://www.uncompiled.com/2011/01/seo-panel-cookie-rendered-persistent-xss-vulnerability-cve-2010-4331/"
},
{
"name": "16000",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16000"
},
{
"name": "20110115 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515768/100/0/threaded"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4339",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted From address, which is not properly handled when indexing messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598743",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598743"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted From address, which is not properly handled when indexing messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598743",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598743"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4646",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110106 CVE request: hastymail before 1.01 XSS",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/01/05/3"
},
{
"name" : "[oss-security] 20110106 Re: CVE request: hastymail before 1.01 XSS",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/01/06/14"
},
{
"name" : "http://www.hastymail.org/security/",
"refsource" : "CONFIRM",
"url" : "http://www.hastymail.org/security/"
},
{
"name" : "43681",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43681"
},
{
"name" : "hastymail2-table-xss(64962)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hastymail.org/security/",
"refsource": "CONFIRM",
"url": "http://www.hastymail.org/security/"
},
{
"name": "[oss-security] 20110106 Re: CVE request: hastymail before 1.01 XSS",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/06/14"
},
{
"name": "hastymail2-table-xss(64962)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"
},
{
"name": "[oss-security] 20110106 CVE request: hastymail before 1.01 XSS",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/05/3"
},
{
"name": "43681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43681"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4812",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] parameter to ajaxmember.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bbs.wolvez.org/viewtopic.php?id=180",
"refsource" : "MISC",
"url" : "http://bbs.wolvez.org/viewtopic.php?id=180"
},
{
"name" : "http://www.6kbbs.net/view-487.html",
"refsource" : "MISC",
"url" : "http://www.6kbbs.net/view-487.html"
},
{
"name" : "42204",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42204"
},
{
"name" : "6kbbs-ajaxadmin-sql-injection(63285)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63285"
},
{
"name" : "6kbbs-ajaxmember-sql-injection(63286)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63286"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] parameter to ajaxmember.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6kbbs-ajaxmember-sql-injection(63286)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63286"
},
{
"name": "http://www.6kbbs.net/view-487.html",
"refsource": "MISC",
"url": "http://www.6kbbs.net/view-487.html"
},
{
"name": "42204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42204"
},
{
"name": "6kbbs-ajaxadmin-sql-injection(63285)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63285"
},
{
"name": "http://bbs.wolvez.org/viewtopic.php?id=180",
"refsource": "MISC",
"url": "http://bbs.wolvez.org/viewtopic.php?id=180"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0394",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Updates Environment Mgmt, a different vulnerability than CVE-2014-0395."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64848",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64848"
},
{
"name" : "102033",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102033"
},
{
"name" : "1029623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029623"
},
{
"name" : "56478",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56478"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Updates Environment Mgmt, a different vulnerability than CVE-2014-0395."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102033",
"refsource": "OSVDB",
"url": "http://osvdb.org/102033"
},
{
"name": "64848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64848"
},
{
"name": "56478",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56478"
},
{
"name": "1029623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029623"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0774",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"
},
{
"name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01",
"refsource" : "CONFIRM",
"url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
},
{
"name" : "65871",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65871"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"
},
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
},
{
"name": "65871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65871"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0821",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-0821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cs.cybozu.co.jp/information/gr20140225up04.php",
"refsource" : "CONFIRM",
"url" : "http://cs.cybozu.co.jp/information/gr20140225up04.php"
},
{
"name" : "https://support.cybozu.com/ja-jp/article/7993",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/7993"
},
{
"name" : "JVN#71045461",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN71045461/index.html"
},
{
"name" : "JVNDB-2014-000024",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000024"
},
{
"name" : "65809",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65809"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#71045461",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN71045461/index.html"
},
{
"name": "JVNDB-2014-000024",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000024"
},
{
"name": "https://support.cybozu.com/ja-jp/article/7993",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/7993"
},
{
"name": "65809",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65809"
},
{
"name": "http://cs.cybozu.co.jp/information/gr20140225up04.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/gr20140225up04.php"
}
]
}
}
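Review bot: The rewritten `affects` block still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description in the same record names Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3. A consumer that matches records against an asset inventory through the structured fields will not find this entry and has to fall back to parsing the free-text description. Since the record is being rewritten anyway, I would fill the fields from the description, e.g. `"vendor_name": "Cybozu"` and `"product_name": "Garoon"`, with one `version_data` entry per affected range. The new side of the records for CVE-2014-0823, CVE-2014-0885, CVE-2014-4128, CVE-2014-4171, CVE-2014-4290, CVE-2014-4687, CVE-2014-8670, CVE-2014-8779 and CVE-2014-9746 has the same gap, and `problemtype` is likewise left at `"value": "n/a"` in each of them.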


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0823",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669554",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"name" : "PI05324",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI05324"
},
{
"name" : "67329",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67329"
},
{
"name" : "ibm-was-cve20140823-viewfiles(90498)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90498"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"name": "67329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67329"
},
{
"name": "PI05324",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI05324"
},
{
"name": "ibm-was-cve20140823-viewfiles(90498)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90498"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0885",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21668124",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21668124"
},
{
"name" : "ibm-lpms-cve20140885-csrf(91171)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91171"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21668124",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668124"
},
{
"name": "ibm-lpms-cve20140885-csrf(91171)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91171"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4128",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141014 Microsoft Internet Explorer CImplAry Uninitialized Memory Vulnerability",
"refsource" : "IDEFENSE",
"url" : "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1076"
},
{
"name" : "MS14-056",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056"
},
{
"name" : "70330",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70330"
},
{
"name" : "1031018",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031018"
},
{
"name" : "60968",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60968"
},
{
"name": "70330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70330"
},
{
"name": "20141014 Microsoft Internet Explorer CImplAry Uninitialized Memory Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1076"
},
{
"name": "1031018",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031018"
},
{
"name": "MS14-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[mm-commits] 20140617 + shmem-fix-faulting-into-a-hole-while-its-punched.patch added to -mm tree",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-mm-commits&m=140303745420549&w=2"
},
{
"name" : "[oss-security] 20140618 CVE-2014-4171 - Linux kernel mm/shmem.c denial of service",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/06/18/11"
},
{
"name" : "http://ozlabs.org/~akpm/mmots/broken-out/shmem-fix-faulting-into-a-hole-while-its-punched.patch",
"refsource" : "CONFIRM",
"url" : "http://ozlabs.org/~akpm/mmots/broken-out/shmem-fix-faulting-into-a-hole-while-its-punched.patch"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1111180",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1111180"
},
{
"name" : "RHSA-2014:1318",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1318.html"
},
{
"name" : "RHSA-2015:0102",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0102.html"
},
{
"name" : "SUSE-SU-2014:1316",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
},
{
"name" : "SUSE-SU-2014:1319",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
},
{
"name" : "USN-2334-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2334-1"
},
{
"name" : "USN-2335-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2335-1"
},
{
"name" : "68157",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68157"
},
{
"name" : "1030450",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030450"
},
{
"name" : "59777",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59777"
},
{
"name" : "60564",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60564"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[mm-commits] 20140617 + shmem-fix-faulting-into-a-hole-while-its-punched.patch added to -mm tree",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-mm-commits&m=140303745420549&w=2"
},
{
"name": "RHSA-2014:1318",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1318.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1111180",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1111180"
},
{
"name": "68157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68157"
},
{
"name": "SUSE-SU-2014:1316",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
},
{
"name": "USN-2335-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2335-1"
},
{
"name": "USN-2334-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2334-1"
},
{
"name": "http://ozlabs.org/~akpm/mmots/broken-out/shmem-fix-faulting-into-a-hole-while-its-punched.patch",
"refsource": "CONFIRM",
"url": "http://ozlabs.org/~akpm/mmots/broken-out/shmem-fix-faulting-into-a-hole-while-its-punched.patch"
},
{
"name": "SUSE-SU-2014:1319",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
},
{
"name": "60564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60564"
},
{
"name": "59777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59777"
},
{
"name": "1030450",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030450"
},
{
"name": "[oss-security] 20140618 CVE-2014-4171 - Linux kernel mm/shmem.c denial of service",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/18/11"
},
{
"name": "RHSA-2015:0102",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0102.html"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4290",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "70501",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70501"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70501"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4687",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php, (2) the rssfeed parameter to rss.widget.php, (3) the servicestatusfilter parameter to services_status.widget.php, (4) the txtRecallBuffer parameter to exec.php, or (5) the HTTP Referer header to log.widget.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pfsense.org/security/advisories/pfSense-SA-14_09.webgui.asc",
"refsource" : "CONFIRM",
"url" : "https://pfsense.org/security/advisories/pfSense-SA-14_09.webgui.asc"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php, (2) the rssfeed parameter to rss.widget.php, (3) the servicestatusfilter parameter to services_status.widget.php, (4) the txtRecallBuffer parameter to exec.php, or (5) the HTTP Referer header to log.widget.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pfsense.org/security/advisories/pfSense-SA-14_09.webgui.asc",
"refsource": "CONFIRM",
"url": "https://pfsense.org/security/advisories/pfSense-SA-14_09.webgui.asc"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4953",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-4953",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
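Review bot: The rewritten record for CVE-2014-4953 serialises its top-level keys as `data_type`, `data_format`, `data_version`, `CVE_data_meta`, `description`, and puts `ID` before `ASSIGNER` inside `CVE_data_meta`, while every other record rewritten in this commit starts with `CVE_data_meta` and keeps its keys in sorted order. Key order carries no meaning in JSON, but tooling that diffs, deduplicates or hashes these files byte-for-byte will treat the layouts as different unless it canonicalises first. I would emit this record in the same sorted order as its siblings, beginning `"CVE_data_meta": {`, `"ASSIGNER": "cve@mitre.org",`, `"ID": "CVE-2014-4953",`.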


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8670",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/128958/vBulletin-4.2.1-Open-Redirect.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128958/vBulletin-4.2.1-Open-Redirect.html"
},
{
"name" : "70906",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70906"
},
{
"name" : "vbulletin-go-open-redirect(98476)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98476"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70906"
},
{
"name": "http://packetstormsecurity.com/files/128958/vBulletin-4.2.1-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128958/vBulletin-4.2.1-Open-Redirect.html"
},
{
"name": "vbulletin-go-open-redirect(98476)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98476"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8779",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150129 CVE-2014-8779: SSH Host keys on Pexip Infinity",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534576/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/130174/Pexip-Infinity-Non-Unique-SSH-Host-Keys.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130174/Pexip-Infinity-Non-Unique-SSH-Host-Keys.html"
},
{
"name" : "http://www.pexip.com/sites/pexip/files/Pexip_Security_Bulletin_2015-01-02.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.pexip.com/sites/pexip/files/Pexip_Security_Bulletin_2015-01-02.pdf"
},
{
"name" : "72359",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72359"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/130174/Pexip-Infinity-Non-Unique-SSH-Host-Keys.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130174/Pexip-Infinity-Non-Unique-SSH-Host-Keys.html"
},
{
"name": "20150129 CVE-2014-8779: SSH Host keys on Pexip Infinity",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534576/100/0/threaded"
},
{
"name": "72359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72359"
},
{
"name": "http://www.pexip.com/sites/pexip/files/Pexip_Security_Bulletin_2015-01-02.pdf",
"refsource": "CONFIRM",
"url": "http://www.pexip.com/sites/pexip/files/Pexip_Security_Bulletin_2015-01-02.pdf"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9746",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2014-9746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150911 CVE Request: 2 FreeType issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/09/11/4"
},
{
"name" : "[oss-security] 20150925 Re: CVE Request: 2 FreeType issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/09/25/4"
},
{
"name" : "https://savannah.nongnu.org/bugs/?41309",
"refsource" : "MISC",
"url" : "https://savannah.nongnu.org/bugs/?41309"
},
{
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "DSA-3370",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3370"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150911 CVE Request: 2 FreeType issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/11/4"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1"
},
{
"name": "[oss-security] 20150925 Re: CVE Request: 2 FreeType issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/25/4"
},
{
"name": "https://savannah.nongnu.org/bugs/?41309",
"refsource": "MISC",
"url": "https://savannah.nongnu.org/bugs/?41309"
},
{
"name": "DSA-3370",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3370"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141224 Imagemagick fuzzing bug",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1"
},
{
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=e24de96ab25b396ae914a7640ff4d61e58c40cf0",
"refsource" : "CONFIRM",
"url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=e24de96ab25b396ae914a7640ff4d61e58c40cf0"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343473",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343473"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343473",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343473"
},
{
"name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=e24de96ab25b396ae914a7640ff4d61e58c40cf0",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=e24de96ab25b396ae914a7640ff4d61e58c40cf0"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "[oss-security] 20141224 Imagemagick fuzzing bug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/24/1"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2014-9942",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use of Uninitialized Variable Vulnerability in Boot"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-05-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name" : "98243",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98243"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Uninitialized Variable Vulnerability in Boot"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name": "98243",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98243"
}
]
}
}
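Review bot: The `ASSIGNER` change in `CVE_data_meta` (`security@google.com` to `security@android.com`) is buried among lines that differ only in colon spacing, so a provenance edit goes unannounced. The same kind of change appears in the CVE-2016-6980 section (`cve@mitre.org` to `psirt@adobe.com`) and at the top of the CVE-2016-7069 section (`anemec@redhat.com` to `secalert@redhat.com`). The commit message should state that assigner fields were updated, or the reformatting should go in a separate commit, so that anyone auditing which CNA owns a record can find the change without comparing parsed JSON field by field.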


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2014-9965",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Input Validation Vulnerability in TrustZone"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2014-9965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name" : "98874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98874"
},
{
"name" : "1038623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation Vulnerability in TrustZone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "98874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98874"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3224",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-3224",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3956",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability",
"refsource" : "CONFIRM",
"url" : "http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980827",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980827"
},
{
"name" : "https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29",
"refsource" : "CONFIRM",
"url" : "https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29"
},
{
"name" : "https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401",
"refsource" : "CONFIRM",
"url" : "https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401"
},
{
"name" : "https://github.com/npm/npm/issues/8380",
"refsource" : "CONFIRM",
"url" : "https://github.com/npm/npm/issues/8380"
},
{
"name" : "https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/",
"refsource" : "CONFIRM",
"url" : "https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/npm/npm/issues/8380",
"refsource": "CONFIRM",
"url": "https://github.com/npm/npm/issues/8380"
},
{
"name": "https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29",
"refsource": "CONFIRM",
"url": "https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980827",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980827"
},
{
"name": "https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401",
"refsource": "CONFIRM",
"url": "https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401"
},
{
"name": "http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability",
"refsource": "CONFIRM",
"url": "http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability"
},
{
"name": "https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-6347",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1372124",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1372124"
},
{
"name" : "92759",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92759"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92759"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1372124",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372124"
}
]
}
}


@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6548",
"STATE" : "PUBLIC",
"TITLE" : "Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Tech Nut Mobile Application",
"version" : {
"version_data" : [
{
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name" : "Zizai Technology"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200: Information Exposure"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6548",
"STATE": "PUBLIC",
"TITLE": "Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tech Nut Mobile Application",
"version": {
"version_data": [
{
"affected": "?",
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Zizai Technology"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name" : "VU#402847",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/402847"
},
{
"name" : "93877",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/93877"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93877",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/93877"
},
{
"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "VU#402847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/402847"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
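Review bot: The `version_data` entry pairs `"affected": "?"` with `"version_value": "N/A"`, so nothing under `affects` lets a scanner decide whether an installed build of the app is covered; the record should carry a concrete version once one is known. The `problemtype` value `CWE-200: Information Exposure` is also broader than the description, which is about a session token sent over HTTP; `CWE-319: Cleartext Transmission of Sensitive Information` would match it more closely. The last sentence of the description is missing a word and should read `to gain full access to the user's account`.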


@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6551",
"STATE" : "PUBLIC",
"TITLE" : "Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses default credentials"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Antennas",
"version" : {
"version_data" : [
{
"affected" : "=",
"version_name" : "t-Series",
"version_value" : "1.07"
},
{
"affected" : "=",
"version_name" : "v-Series",
"version_value" : "1.07"
}
]
}
}
]
},
"vendor_name" : "Intellian Satellite TV"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-255"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6551",
"STATE": "PUBLIC",
"TITLE": "Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses default credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Antennas",
"version": {
"version_data": [
{
"affected": "=",
"version_name": "t-Series",
"version_value": "1.07"
},
{
"affected": "=",
"version_name": "v-Series",
"version_value": "1.07"
}
]
}
}
]
},
"vendor_name": "Intellian Satellite TV"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#200907",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/200907"
},
{
"name" : "93808",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93808"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-255"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93808",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93808"
},
{
"name": "VU#200907",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/200907"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
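Review bot: `problemtype` holds a bare `CWE-255`, while the CERT/CC record for CVE-2016-6548 in this same commit uses the `CWE-NNN: name` form; using that form here would keep the field consistent for consumers that split on the colon. CWE-255 is also a category-level entry, and the description (fixed default logins) would fit a weakness-level id such as `CWE-798: Use of Hard-coded Credentials` better, if the assigner agrees. Because the description publishes the default accounts verbatim, operators of these antennas should treat them as publicly known and change or disable them.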


@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2016-6816",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Tomcat",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.M1 to 9.0.0.M11"
},
{
"version_value" : "8.5.0 to 8.5.6"
},
{
"version_value" : "8.0.0.RC1 to 8.0.38"
},
{
"version_value" : "7.0.0 to 7.0.72"
},
{
"version_value" : "6.0.0 to 6.0.47"
},
{
"version_value" : "Earlier, unsupported versions may also be affected."
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "character validation bypass"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2016-6816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value": "9.0.0.M1 to 9.0.0.M11"
},
{
"version_value": "8.5.0 to 8.5.6"
},
{
"version_value": "8.0.0.RC1 to 8.0.38"
},
{
"version_value": "7.0.0 to 7.0.72"
},
{
"version_value": "6.0.0 to 6.0.47"
},
{
"version_value": "Earlier, unsupported versions may also be affected."
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41783",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41783/"
},
{
"name" : "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48",
"refsource" : "CONFIRM",
"url" : "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"name" : "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73",
"refsource" : "CONFIRM",
"url" : "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"name" : "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39",
"refsource" : "CONFIRM",
"url" : "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"name" : "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8",
"refsource" : "CONFIRM",
"url" : "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
},
{
"name" : "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13",
"refsource" : "CONFIRM",
"url" : "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180607-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180607-0001/"
},
{
"name" : "DSA-3738",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3738"
},
{
"name" : "RHSA-2017:0244",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0244.html"
},
{
"name" : "RHSA-2017:0245",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0245.html"
},
{
"name" : "RHSA-2017:0246",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0246.html"
},
{
"name" : "RHSA-2017:0247",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0247.html"
},
{
"name" : "RHSA-2017:0250",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0250.html"
},
{
"name" : "RHSA-2017:0455",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name" : "RHSA-2017:0456",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"name" : "RHSA-2017:0457",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name" : "RHSA-2017:0527",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0527.html"
},
{
"name" : "RHSA-2017:0935",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0935"
},
{
"name" : "94461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94461"
},
{
"name" : "1037332",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037332"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "character validation bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0250",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0250.html"
},
{
"name": "41783",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41783/"
},
{
"name": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39",
"refsource": "CONFIRM",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"name": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13",
"refsource": "CONFIRM",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13"
},
{
"name": "94461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94461"
},
{
"name": "DSA-3738",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3738"
},
{
"name": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73",
"refsource": "CONFIRM",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"name": "RHSA-2017:0244",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0244.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2017:0935",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0935"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180607-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180607-0001/"
},
{
"name": "RHSA-2017:0457",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name": "RHSA-2017:0246",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0246.html"
},
{
"name": "1037332",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037332"
},
{
"name": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8",
"refsource": "CONFIRM",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
},
{
"name": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48",
"refsource": "CONFIRM",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"name": "RHSA-2017:0455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name": "RHSA-2017:0527",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0527.html"
},
{
"name": "RHSA-2017:0245",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0245.html"
},
{
"name": "RHSA-2017:0456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"name": "RHSA-2017:0247",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0247.html"
}
]
}
}
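Review bot: The `version_value` entries are prose ranges such as `9.0.0.M1 to 9.0.0.M11`, and the last one is a full sentence (`Earlier, unsupported versions may also be affected.`), so a tool comparing an installed Tomcat version against this field cannot evaluate them. Another record in this commit (CVE-2016-6551) uses the `affected` operator with a single version, `"affected": "="`. Expressing each range as bounded entries in that style, and moving the sentence about unsupported versions into the description, would make the data usable for automated matching. In the description, `other then their own` should read `other than their own`.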


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html"
},
{
"name" : "93179",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93179"
},
{
"name" : "1036793",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036793"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93179"
},
{
"name": "1036793",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036793"
},
{
"name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2016-7069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "dnsdist",
"version" : {
"version_data" : [
{
"version_value" : "1.2.0"
}
]
}
}
]
},
"vendor_name" : "Open-Xchange"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dnsdist",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Open-Xchange"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7069",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7069"
},
{
"name" : "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html",
"refsource" : "CONFIRM",
"url" : "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html"
},
{
"name" : "100509",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100509"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7069",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7069"
},
{
"name": "100509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100509"
},
{
"name": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html",
"refsource": "CONFIRM",
"url": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html"
}
]
}
}
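Review bot: The `vectorString` under `impact.cvss` on the new side still has the base score glued to the front (`5.9/CVSS:3.0/AV:N/...`), so it is not a valid CVSS v3.0 vector, which has to begin with `CVSS:3.0/`; tooling that parses the vector for triage or scoring will likely reject or mis-score this record. The commit changes the `ASSIGNER` address and the whitespace but leaves this value as it was. I would store `"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"` and carry the score in its own field, e.g. `"baseScore": 5.9`. The `cvss` value is also an array nested inside an array, which looks unintended. Separately, `version_value` is `1.2.0` while the description says "before 1.2.0", so a consumer matching on that field alone would flag only the fixed release.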


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7172",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.netapp.com/support/s/article/NTAP-20161220-0001",
"refsource" : "CONFIRM",
"url" : "https://kb.netapp.com/support/s/article/NTAP-20161220-0001"
},
{
"name" : "95069",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95069"
},
{
"name" : "1037530",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037530"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95069"
},
{
"name": "https://kb.netapp.com/support/s/article/NTAP-20161220-0001",
"refsource": "CONFIRM",
"url": "https://kb.netapp.com/support/s/article/NTAP-20161220-0001"
},
{
"name": "1037530",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037530"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7250",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka \"SQL RDBMS Engine Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-136",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136"
},
{
"name" : "94060",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94060"
},
{
"name" : "1037250",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037250"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka \"SQL RDBMS Engine Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037250",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037250"
},
{
"name": "MS16-136",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136"
},
{
"name": "94060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94060"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7485",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7485",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7940",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource" : "CONFIRM",
"url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name" : "DSA-3775",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3775"
},
{
"name" : "GLSA-201702-30",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-30"
},
{
"name" : "RHSA-2017:1871",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name" : "95852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95852"
},
{
"name" : "1037755",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037755"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037755",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037755"
},
{
"name": "DSA-3775",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3775"
},
{
"name": "RHSA-2017:1871",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource": "CONFIRM",
"url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name": "95852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95852"
},
{
"name": "GLSA-201702-30",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-30"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-8346",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Moxa EDR-810 Industrial Secure Router",
"version" : {
"version_data" : [
{
"version_value" : "Moxa EDR-810 Industrial Secure Router"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Moxa EDR-810 Industrial Secure Router Privilege Escalation Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-8346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moxa EDR-810 Industrial Secure Router",
"version": {
"version_data": [
{
"version_value": "Moxa EDR-810 Industrial Secure Router"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01"
},
{
"name" : "93800",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93800"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Moxa EDR-810 Industrial Secure Router Privilege Escalation Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93800",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93800"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01"
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-01-31T00:00:00",
"ID" : "CVE-2016-8529",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS",
"version" : {
"version_data" : [
{
"version_value" : "LeftHand OS v12.5 and earlier"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Arbitrary Command Execution"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-01-31T00:00:00",
"ID": "CVE-2016-8529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS",
"version": {
"version_data": [
{
"version_value": "LeftHand OS v12.5 and earlier"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958"
},
{
"name" : "95970",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95970"
},
{
"name" : "1037762",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037762"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Arbitrary Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037762",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037762"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958"
},
{
"name": "95970",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95970"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2016-8740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache HTTP Server",
"version" : {
"version_data" : [
{
"version_value" : "2.4.17 - 2.4.23"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2016-8740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.4.17 - 2.4.23"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40909",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40909/"
},
{
"name" : "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html"
},
{
"name" : "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3",
"refsource" : "CONFIRM",
"url" : "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3"
},
{
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us"
},
{
"name" : "https://www.tenable.com/security/tns-2017-04",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2017-04"
},
{
"name" : "https://support.apple.com/HT208221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208221"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180423-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180423-0001/"
},
{
"name" : "GLSA-201701-36",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-36"
},
{
"name" : "RHSA-2017:1161",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1161"
},
{
"name" : "RHSA-2017:1413",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name" : "RHSA-2017:1414",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"name" : "RHSA-2017:1415",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name" : "94650",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94650"
},
{
"name" : "1037388",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037388"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name": "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3",
"refsource": "CONFIRM",
"url": "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3"
},
{
"name": "1037388",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037388"
},
{
"name": "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html"
},
{
"name": "RHSA-2017:1413",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name": "RHSA-2017:1161",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
},
{
"name": "https://www.tenable.com/security/tns-2017-04",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name": "RHSA-2017:1414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us"
},
{
"name": "40909",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40909/"
},
{
"name": "RHSA-2017:1415",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name": "94650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94650"
},
{
"name": "GLSA-201701-36",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-36"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180423-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
}
]
}
}


@ -1,118 +1,118 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-8973",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational Rhapsody Design Manager",
"version" : {
"version_data" : [
{
"version_value" : "4.0.2"
},
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "4.0.1"
},
{
"version_value" : "4.0.3"
},
{
"version_value" : "4.0.4"
},
{
"version_value" : "4.0.5"
},
{
"version_value" : "4.0.6"
},
{
"version_value" : "5.0"
},
{
"version_value" : "3"
},
{
"version_value" : "4.0.7"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Other"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value": "4.0.2"
},
{
"version_value": "3.0"
},
{
"version_value": "3.0.0.1"
},
{
"version_value": "4.0"
},
{
"version_value": "4.0.1"
},
{
"version_value": "4.0.3"
},
{
"version_value": "4.0.4"
},
{
"version_value": "4.0.5"
},
{
"version_value": "4.0.6"
},
{
"version_value": "5.0"
},
{
"version_value": "3"
},
{
"version_value": "4.0.7"
},
{
"version_value": "5.0.2"
},
{
"version_value": "5.0.1"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21999960",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21999960"
},
{
"name" : "96826",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96826"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96826"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21999960",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21999960"
}
]
}
}