admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 07:21:19 +00:00
parent 400e19a39d
commit 7a7d563c96
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3740 additions and 3740 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2006/0xxx/CVE-2006-0105.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0105",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060111 PostgreSQL security releases 8.0.6 and 8.1.2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421592/100/0/threaded"
},
{
"name" : "[pgsql-announce] 20060109 CRITICAL RELEASE: Minor Releases to Fix DoS Vulnerability",
"refsource" : "MLIST",
"url" : "http://archives.postgresql.org/pgsql-announce/2006-01/msg00001.php"
},
{
"name" : "http://www.postgresql.org/about/news.456",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/about/news.456"
},
{
"name" : "16201",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16201"
},
{
"name" : "ADV-2006-0114",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0114"
},
{
"name" : "1015482",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015482"
},
{
"name" : "18419",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18419"
},
{
"name" : "327",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/327"
},
{
"name" : "postgresql-connection-request-dos(24049)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24049"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0114",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0114"
},
{
"name": "1015482",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015482"
},
{
"name": "18419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18419"
},
{
"name": "http://www.postgresql.org/about/news.456",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/about/news.456"
},
{
"name": "327",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/327"
},
{
"name": "postgresql-connection-request-dos(24049)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24049"
},
{
"name": "20060111 PostgreSQL security releases 8.0.6 and 8.1.2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421592/100/0/threaded"
},
{
"name": "[pgsql-announce] 20060109 CRITICAL RELEASE: Minor Releases to Fix DoS Vulnerability",
"refsource": "MLIST",
"url": "http://archives.postgresql.org/pgsql-announce/2006-01/msg00001.php"
},
{
"name": "16201",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16201"
}
]
}
}

170
2006/0xxx/CVE-2006-0835.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0835",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060215 Web Calendar Pro - Denial of Service SQL Injection Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0340.html"
},
{
"name" : "http://www.xorcrew.net/xpa/XPA-WebCalendarPro.txt",
"refsource" : "MISC",
"url" : "http://www.xorcrew.net/xpa/XPA-WebCalendarPro.txt"
},
{
"name" : "16789",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16789"
},
{
"name" : "ADV-2006-0700",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0700"
},
{
"name" : "18902",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18902"
},
{
"name" : "webcalendarpro-dropbase-sql-injection(24729)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24729"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060215 Web Calendar Pro - Denial of Service SQL Injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0340.html"
},
{
"name": "18902",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18902"
},
{
"name": "ADV-2006-0700",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0700"
},
{
"name": "webcalendarpro-dropbase-sql-injection(24729)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24729"
},
{
"name": "http://www.xorcrew.net/xpa/XPA-WebCalendarPro.txt",
"refsource": "MISC",
"url": "http://www.xorcrew.net/xpa/XPA-WebCalendarPro.txt"
},
{
"name": "16789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16789"
}
]
}
}

180
2006/3xxx/CVE-2006-3534.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3534",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing \"/content\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=136721",
"refsource" : "MISC",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=136721"
},
{
"name" : "http://people.ksp.sk/~goober/advisory/001-shoutcast.html",
"refsource" : "MISC",
"url" : "http://people.ksp.sk/~goober/advisory/001-shoutcast.html"
},
{
"name" : "http://www.shoutcast.com/#news",
"refsource" : "CONFIRM",
"url" : "http://www.shoutcast.com/#news"
},
{
"name" : "GLSA-200607-05",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200607-05.xml"
},
{
"name" : "ADV-2006-2801",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2801"
},
{
"name" : "1016493",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016493"
},
{
"name" : "20524",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20524"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing \"/content\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://people.ksp.sk/~goober/advisory/001-shoutcast.html",
"refsource": "MISC",
"url": "http://people.ksp.sk/~goober/advisory/001-shoutcast.html"
},
{
"name": "1016493",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016493"
},
{
"name": "20524",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20524"
},
{
"name": "ADV-2006-2801",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2801"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=136721",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=136721"
},
{
"name": "http://www.shoutcast.com/#news",
"refsource": "CONFIRM",
"url": "http://www.shoutcast.com/#news"
},
{
"name": "GLSA-200607-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200607-05.xml"
}
]
}
}

140
2006/3xxx/CVE-2006-3601.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3601",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product is affected, this claim is not independently verifiable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zone-h.org/content/view/4770/31/",
"refsource" : "MISC",
"url" : "http://www.zone-h.org/content/view/4770/31/"
},
{
"name" : "18522",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18522"
},
{
"name" : "1016332",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016332"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product is affected, this claim is not independently verifiable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016332",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016332"
},
{
"name": "18522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18522"
},
{
"name": "http://www.zone-h.org/content/view/4770/31/",
"refsource": "MISC",
"url": "http://www.zone-h.org/content/view/4770/31/"
}
]
}
}

130
2006/3xxx/CVE-2006-3661.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3661",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.virangar.org",
"refsource" : "MISC",
"url" : "http://www.virangar.org"
},
{
"name" : "18918",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18918"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.virangar.org",
"refsource": "MISC",
"url": "http://www.virangar.org"
},
{
"name": "18918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18918"
}
]
}
}

180
2006/3xxx/CVE-2006-3750.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3750",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in server.php in the Hashcash Component (com_hashcash) 1.2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060712 [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0180.html"
},
{
"name" : "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt",
"refsource" : "MISC",
"url" : "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt"
},
{
"name" : "2026",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2026"
},
{
"name" : "ADV-2006-2802",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2802"
},
{
"name" : "21053",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21053"
},
{
"name" : "1249",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1249"
},
{
"name" : "hashcash-server-file-include(27720)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27720"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in server.php in the Hashcash Component (com_hashcash) 1.2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060712 [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0180.html"
},
{
"name": "ADV-2006-2802",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2802"
},
{
"name": "hashcash-server-file-include(27720)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27720"
},
{
"name": "2026",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2026"
},
{
"name": "1249",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1249"
},
{
"name": "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt"
},
{
"name": "21053",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21053"
}
]
}
}

220
2006/3xxx/CVE-2006-3788.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via (1) a long unit name in Net::recv_add_unit,; (2) large values to Net::recv_rules, Net::recv_select_unit, Net::recv_options, and Net::recv_unit_data; and (3) a large mapdata GEODATA structure in Net::recv_map_data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060716 Multiple vulnerabilities in UFO2000 svn 1057",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440293/100/0/threaded"
},
{
"name" : "http://aluigi.altervista.org/adv/ufo2ko-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/ufo2ko-adv.txt"
},
{
"name" : "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/multiplay.cpp?view=log",
"refsource" : "CONFIRM",
"url" : "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/multiplay.cpp?view=log"
},
{
"name" : "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/server_transport.cpp?view=log",
"refsource" : "CONFIRM",
"url" : "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/server_transport.cpp?view=log"
},
{
"name" : "GLSA-200702-10",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200702-10.xml"
},
{
"name" : "ADV-2006-2837",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2837"
},
{
"name" : "1016503",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016503"
},
{
"name" : "21091",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21091"
},
{
"name" : "24297",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24297"
},
{
"name" : "1259",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1259"
},
{
"name" : "ufo2000-recvaddunit-bo(27798)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27798"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via (1) a long unit name in Net::recv_add_unit,; (2) large values to Net::recv_rules, Net::recv_select_unit, Net::recv_options, and Net::recv_unit_data; and (3) a large mapdata GEODATA structure in Net::recv_map_data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016503",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016503"
},
{
"name": "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/multiplay.cpp?view=log",
"refsource": "CONFIRM",
"url": "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/multiplay.cpp?view=log"
},
{
"name": "20060716 Multiple vulnerabilities in UFO2000 svn 1057",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440293/100/0/threaded"
},
{
"name": "1259",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1259"
},
{
"name": "24297",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24297"
},
{
"name": "21091",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21091"
},
{
"name": "GLSA-200702-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200702-10.xml"
},
{
"name": "ADV-2006-2837",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2837"
},
{
"name": "http://aluigi.altervista.org/adv/ufo2ko-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/ufo2ko-adv.txt"
},
{
"name": "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/server_transport.cpp?view=log",
"refsource": "CONFIRM",
"url": "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/server_transport.cpp?view=log"
},
{
"name": "ufo2000-recvaddunit-bo(27798)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27798"
}
]
}
}

210
2006/4xxx/CVE-2006-4131.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4131",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted MMS (Multimedia Messaging Service) messages that trigger the overflows in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060810 PocketPC MMS - Remote Code Injection/Execution Vulnerability andDenial-of-Service",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442841/100/0/threaded"
},
{
"name" : "20060809 PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048614.html"
},
{
"name" : "http://www.arcsoft.com/support/downloads/download_patches/mms.asp",
"refsource" : "MISC",
"url" : "http://www.arcsoft.com/support/downloads/download_patches/mms.asp"
},
{
"name" : "2156",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2156"
},
{
"name" : "http://www.mulliner.org/pocketpc/CollinMulliner_defcon14_pocketpcphones.pdf",
"refsource" : "MISC",
"url" : "http://www.mulliner.org/pocketpc/CollinMulliner_defcon14_pocketpcphones.pdf"
},
{
"name" : "19451",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19451"
},
{
"name" : "ADV-2006-3261",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3261"
},
{
"name" : "21426",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21426"
},
{
"name" : "1387",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1387"
},
{
"name" : "mmscomposer-message-bo(28342)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28342"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted MMS (Multimedia Messaging Service) messages that trigger the overflows in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19451"
},
{
"name": "1387",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1387"
},
{
"name": "2156",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2156"
},
{
"name": "20060810 PocketPC MMS - Remote Code Injection/Execution Vulnerability andDenial-of-Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442841/100/0/threaded"
},
{
"name": "http://www.arcsoft.com/support/downloads/download_patches/mms.asp",
"refsource": "MISC",
"url": "http://www.arcsoft.com/support/downloads/download_patches/mms.asp"
},
{
"name": "20060809 PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048614.html"
},
{
"name": "mmscomposer-message-bo(28342)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28342"
},
{
"name": "ADV-2006-3261",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3261"
},
{
"name": "http://www.mulliner.org/pocketpc/CollinMulliner_defcon14_pocketpcphones.pdf",
"refsource": "MISC",
"url": "http://www.mulliner.org/pocketpc/CollinMulliner_defcon14_pocketpcphones.pdf"
},
{
"name": "21426",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21426"
}
]
}
}

320
2006/4xxx/CVE-2006-4197.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4197",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060813 Multiple buffer-overflows in libmusicbrainz 2.1.2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443205/100/0/threaded"
},
{
"name" : "20060830 rPSA-2006-0161-1 libmusicbrainz",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444843/100/0/threaded"
},
{
"name" : "http://aluigi.altervista.org/adv/brainzbof-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/brainzbof-adv.txt"
},
{
"name" : "https://issues.rpath.com/browse/RPL-610",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-610"
},
{
"name" : "DSA-1162",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1162"
},
{
"name" : "GLSA-200610-09",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200610-09.xml"
},
{
"name" : "MDKSA-2006:157",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:157"
},
{
"name" : "SUSE-SR:2006:025",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_25_sr.html"
},
{
"name" : "USN-363-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-363-1"
},
{
"name" : "19508",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19508"
},
{
"name" : "1016691",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016691"
},
{
"name" : "21404",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21404"
},
{
"name" : "21668",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21668"
},
{
"name" : "21699",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21699"
},
{
"name" : "22191",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22191"
},
{
"name" : "22393",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22393"
},
{
"name" : "22517",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22517"
},
{
"name" : "22639",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22639"
},
{
"name" : "1399",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1399"
},
{
"name" : "libmusicbrainz-mbhttpdownload-bo(28367)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28367"
},
{
"name" : "libmusicbrainz-rdfparse-bo(28368)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28368"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1162",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1162"
},
{
"name": "22393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22393"
},
{
"name": "22191",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22191"
},
{
"name": "libmusicbrainz-mbhttpdownload-bo(28367)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28367"
},
{
"name": "22639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22639"
},
{
"name": "21404",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21404"
},
{
"name": "https://issues.rpath.com/browse/RPL-610",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-610"
},
{
"name": "USN-363-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-363-1"
},
{
"name": "19508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19508"
},
{
"name": "GLSA-200610-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200610-09.xml"
},
{
"name": "22517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22517"
},
{
"name": "SUSE-SR:2006:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html"
},
{
"name": "http://aluigi.altervista.org/adv/brainzbof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/brainzbof-adv.txt"
},
{
"name": "21699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21699"
},
{
"name": "20060830 rPSA-2006-0161-1 libmusicbrainz",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444843/100/0/threaded"
},
{
"name": "libmusicbrainz-rdfparse-bo(28368)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28368"
},
{
"name": "21668",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21668"
},
{
"name": "20060813 Multiple buffer-overflows in libmusicbrainz 2.1.2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443205/100/0/threaded"
},
{
"name": "1016691",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016691"
},
{
"name": "MDKSA-2006:157",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:157"
},
{
"name": "1399",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1399"
}
]
}
}

140
2006/4xxx/CVE-2006-4757.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4757",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that \"If your admins are injecting you, you might want to reconsider their access.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060901 Sql injections in e107 [Admin section]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445005/100/100/threaded"
},
{
"name" : "http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195&action=show",
"refsource" : "MISC",
"url" : "http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195&action=show"
},
{
"name" : "1569",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1569"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that \"If your admins are injecting you, you might want to reconsider their access.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1569",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1569"
},
{
"name": "20060901 Sql injections in e107 [Admin section]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445005/100/100/threaded"
},
{
"name": "http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195&action=show",
"refsource": "MISC",
"url": "http://e107.org/e107_plugins/bugtrack/bugtrack.php?id=3195&action=show"
}
]
}
}

120
2006/4xxx/CVE-2006-4943.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4943",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2",
"refsource" : "CONFIRM",
"url" : "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2",
"refsource": "CONFIRM",
"url": "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2"
}
]
}
}

160
2010/2xxx/CVE-2010-2012.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in function.php in MigasCMS 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1005-exploits/migascms-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1005-exploits/migascms-sql.txt"
},
{
"name" : "http://www.itsecteam.com/en/vulnerabilities/vulnerability54.htm",
"refsource" : "MISC",
"url" : "http://www.itsecteam.com/en/vulnerabilities/vulnerability54.htm"
},
{
"name" : "40256",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40256"
},
{
"name" : "64732",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64732"
},
{
"name" : "39878",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39878"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in function.php in MigasCMS 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1005-exploits/migascms-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1005-exploits/migascms-sql.txt"
},
{
"name": "40256",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40256"
},
{
"name": "64732",
"refsource": "OSVDB",
"url": "http://osvdb.org/64732"
},
{
"name": "http://www.itsecteam.com/en/vulnerabilities/vulnerability54.htm",
"refsource": "MISC",
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability54.htm"
},
{
"name": "39878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39878"
}
]
}
}

160
2010/2xxx/CVE-2010-2255.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1001-exploits/joomlabfsurveypro-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1001-exploits/joomlabfsurveypro-sql.txt"
},
{
"name" : "http://www.tamlyncreative.com.au/software/forum/index.php?topic=641.0",
"refsource" : "CONFIRM",
"url" : "http://www.tamlyncreative.com.au/software/forum/index.php?topic=641.0"
},
{
"name" : "37585",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37585"
},
{
"name" : "61456",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61456"
},
{
"name" : "37868",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37868"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37585"
},
{
"name": "61456",
"refsource": "OSVDB",
"url": "http://osvdb.org/61456"
},
{
"name": "37868",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37868"
},
{
"name": "http://packetstormsecurity.org/1001-exploits/joomlabfsurveypro-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1001-exploits/joomlabfsurveypro-sql.txt"
},
{
"name": "http://www.tamlyncreative.com.au/software/forum/index.php?topic=641.0",
"refsource": "CONFIRM",
"url": "http://www.tamlyncreative.com.au/software/forum/index.php?topic=641.0"
}
]
}
}

150
2010/2xxx/CVE-2010-2420.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2420",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser 1.0.0 and 1.0.5 alpha, a module for the Sleipnir web browser, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the Gecko engine."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fenrir.co.jp/blog/2010/06/activegeckobrowser.html",
"refsource" : "CONFIRM",
"url" : "http://www.fenrir.co.jp/blog/2010/06/activegeckobrowser.html"
},
{
"name" : "JVN#67120749",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN67120749/index.html"
},
{
"name" : "JVNDB-2010-000025",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000025.html"
},
{
"name" : "activegeckobrowser-unspec-code-execution(59493)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59493"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser 1.0.0 and 1.0.5 alpha, a module for the Sleipnir web browser, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the Gecko engine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#67120749",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67120749/index.html"
},
{
"name": "JVNDB-2010-000025",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000025.html"
},
{
"name": "activegeckobrowser-unspec-code-execution(59493)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59493"
},
{
"name": "http://www.fenrir.co.jp/blog/2010/06/activegeckobrowser.html",
"refsource": "CONFIRM",
"url": "http://www.fenrir.co.jp/blog/2010/06/activegeckobrowser.html"
}
]
}
}

130
2010/2xxx/CVE-2010-2834.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2834",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-2834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml"
},
{
"name" : "20100922 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100922 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml"
},
{
"name": "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml"
}
]
}
}

140
2010/3xxx/CVE-2010-3143.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3143",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14778",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14778/"
},
{
"name" : "oval:org.mitre.oval:def:7224",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7224"
},
{
"name" : "ms-win-dll-code-exec(64446)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64446"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7224",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7224"
},
{
"name": "14778",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14778/"
},
{
"name": "ms-win-dll-code-exec(64446)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64446"
}
]
}
}

170
2010/3xxx/CVE-2010-3267.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3267",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101130 CORE-2010-1109 - Multiple vulnerabilities in BugTracker.Net",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514957/100/0/threaded"
},
{
"name" : "15653",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15653"
},
{
"name" : "http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker"
},
{
"name" : "http://btnet.svn.sourceforge.net/viewvc/btnet/RELEASE_NOTES.TXT?revision=578&view=markup",
"refsource" : "CONFIRM",
"url" : "http://btnet.svn.sourceforge.net/viewvc/btnet/RELEASE_NOTES.TXT?revision=578&view=markup"
},
{
"name" : "45121",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45121"
},
{
"name" : "42418",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42418"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://btnet.svn.sourceforge.net/viewvc/btnet/RELEASE_NOTES.TXT?revision=578&view=markup",
"refsource": "CONFIRM",
"url": "http://btnet.svn.sourceforge.net/viewvc/btnet/RELEASE_NOTES.TXT?revision=578&view=markup"
},
{
"name": "15653",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15653"
},
{
"name": "20101130 CORE-2010-1109 - Multiple vulnerabilities in BugTracker.Net",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514957/100/0/threaded"
},
{
"name": "45121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45121"
},
{
"name": "42418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42418"
},
{
"name": "http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker"
}
]
}
}

200
2010/3xxx/CVE-2010-3626.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3626",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-3626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html"
},
{
"name" : "GLSA-201101-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name" : "RHSA-2010:0743",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html"
},
{
"name" : "SUSE-SA:2010:048",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html"
},
{
"name" : "SUSE-SR:2010:019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name" : "TA10-279A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html"
},
{
"name" : "oval:org.mitre.oval:def:7382",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7382"
},
{
"name" : "43025",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43025"
},
{
"name" : "ADV-2011-0191",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0191"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2010:048",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html"
},
{
"name": "ADV-2011-0191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0191"
},
{
"name": "43025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43025"
},
{
"name": "GLSA-201101-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name": "oval:org.mitre.oval:def:7382",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7382"
},
{
"name": "RHSA-2010:0743",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html"
},
{
"name": "TA10-279A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
}
]
}
}

160
2010/3xxx/CVE-2010-3910.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang_crm parameter to phprint.php or (2) the current_language parameter in an Accounts Import action to graph.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101116 Vtiger CRM 5.2.0 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514846/100/0/threaded"
},
{
"name" : "http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/",
"refsource" : "MISC",
"url" : "http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/"
},
{
"name" : "http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes",
"refsource" : "MISC",
"url" : "http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes"
},
{
"name" : "http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt",
"refsource" : "MISC",
"url" : "http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt"
},
{
"name" : "42246",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42246"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang_crm parameter to phprint.php or (2) the current_language parameter in an Accounts Import action to graph.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt",
"refsource": "MISC",
"url": "http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt"
},
{
"name": "http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/",
"refsource": "MISC",
"url": "http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/"
},
{
"name": "42246",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42246"
},
{
"name": "http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes",
"refsource": "MISC",
"url": "http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes"
},
{
"name": "20101116 Vtiger CRM 5.2.0 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514846/100/0/threaded"
}
]
}
}

150
2011/0xxx/CVE-2011-0753.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0753",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.php.net/52784",
"refsource" : "CONFIRM",
"url" : "http://bugs.php.net/52784"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "oval:org.mitre.oval:def:12271",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12271"
},
{
"name" : "php-pcntl-dos(65431)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65431"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.php.net/52784",
"refsource": "CONFIRM",
"url": "http://bugs.php.net/52784"
},
{
"name": "php-pcntl-dos(65431)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65431"
},
{
"name": "oval:org.mitre.oval:def:12271",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12271"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
}
]
}
}

140
2011/1xxx/CVE-2011-1271.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1271",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \".NET Framework JIT Optimization Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/",
"refsource" : "MISC",
"url" : "http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/"
},
{
"name" : "MS11-044",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-044"
},
{
"name" : "oval:org.mitre.oval:def:12686",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12686"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \".NET Framework JIT Optimization Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12686",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12686"
},
{
"name": "MS11-044",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-044"
},
{
"name": "http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/",
"refsource": "MISC",
"url": "http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/"
}
]
}
}

140
2011/1xxx/CVE-2011-1342.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1342",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ASP before 5.1.1, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://jvn.jp/en/jp/JVN31506102/91216/index.html",
"refsource" : "CONFIRM",
"url" : "http://jvn.jp/en/jp/JVN31506102/91216/index.html"
},
{
"name" : "JVN#31506102",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN31506102/index.html"
},
{
"name" : "JVNDB-2011-000063",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000063"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ASP before 5.1.1, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2011-000063",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000063"
},
{
"name": "JVN#31506102",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN31506102/index.html"
},
{
"name": "http://jvn.jp/en/jp/JVN31506102/91216/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN31506102/91216/index.html"
}
]
}
}

170
2011/1xxx/CVE-2011-1413.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1413",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 10.0.648.127 on Linux does not properly mitigate an unspecified flaw in an X server, which allows remote attackers to cause a denial of service (application crash) via vectors involving long messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=49747",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=49747"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"name" : "46785",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46785"
},
{
"name" : "oval:org.mitre.oval:def:13922",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13922"
},
{
"name" : "ADV-2011-0628",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0628"
},
{
"name" : "google-messages-dos(65949)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65949"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 10.0.648.127 on Linux does not properly mitigate an unspecified flaw in an X server, which allows remote attackers to cause a denial of service (application crash) via vectors involving long messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "google-messages-dos(65949)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65949"
},
{
"name": "46785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46785"
},
{
"name": "oval:org.mitre.oval:def:13922",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13922"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=49747",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=49747"
},
{
"name": "ADV-2011-0628",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0628"
}
]
}
}

120
2011/5xxx/CVE-2011-5156.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5156",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Effective File Search 6.7 allows local users to gain privileges via a Trojan horse ztvunrar36.dll file in the current working directory, as demonstrated by a directory that contains a .efs file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45153",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45153"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Effective File Search 6.7 allows local users to gain privileges via a Trojan horse ztvunrar36.dll file in the current working directory, as demonstrated by a directory that contains a .efs file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45153"
}
]
}
}

34
2014/3xxx/CVE-2014-3540.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3540",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0114. Reason: This candidate is a duplicate of CVE-2014-0114. CVE abstraction content decisions did not require a second ID. Notes: All CVE users should reference CVE-2014-0114 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-3540",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0114. Reason: This candidate is a duplicate of CVE-2014-0114. CVE abstraction content decisions did not require a second ID. Notes: All CVE users should reference CVE-2014-0114 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

290
2014/3xxx/CVE-2014-3597.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3597",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://php.net/ChangeLog-5.php"
},
{
"name" : "https://bugs.php.net/bug.php?id=67717",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=67717"
},
{
"name" : "https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05",
"refsource" : "CONFIRM",
"url" : "https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05"
},
{
"name" : "https://security-tracker.debian.org/tracker/CVE-2014-3597",
"refsource" : "CONFIRM",
"url" : "https://security-tracker.debian.org/tracker/CVE-2014-3597"
},
{
"name" : "https://support.apple.com/HT204659",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204659"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "APPLE-SA-2015-04-08-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name" : "DSA-3008",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3008"
},
{
"name" : "RHSA-2014:1326",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1326.html"
},
{
"name" : "RHSA-2014:1327",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
},
{
"name" : "RHSA-2014:1765",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name" : "RHSA-2014:1766",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name" : "openSUSE-SU-2014:1133",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html"
},
{
"name" : "openSUSE-SU-2014:1245",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00055.html"
},
{
"name" : "USN-2344-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2344-1"
},
{
"name" : "69322",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69322"
},
{
"name" : "60609",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60609"
},
{
"name" : "60696",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60696"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "RHSA-2014:1766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "60609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60609"
},
{
"name": "USN-2344-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2344-1"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "openSUSE-SU-2014:1245",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00055.html"
},
{
"name": "https://bugs.php.net/bug.php?id=67717",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=67717"
},
{
"name": "RHSA-2014:1326",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "69322",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69322"
},
{
"name": "DSA-3008",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3008"
},
{
"name": "RHSA-2014:1327",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "RHSA-2014:1765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2014-3597",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2014-3597"
},
{
"name": "60696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60696"
},
{
"name": "openSUSE-SU-2014:1133",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html"
}
]
}
}

170
2014/3xxx/CVE-2014-3801.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140520 CVE request for vulnerability in OpenStack Heat",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/20/1"
},
{
"name" : "[oss-security] 20140520 Re: CVE request for vulnerability in OpenStack Heat",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/20/6"
},
{
"name" : "https://bugs.launchpad.net/heat/+bug/1311223",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/heat/+bug/1311223"
},
{
"name" : "RHSA-2014:1687",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1687.html"
},
{
"name" : "USN-2249-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2249-1"
},
{
"name" : "67505",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67505"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67505"
},
{
"name": "USN-2249-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2249-1"
},
{
"name": "[oss-security] 20140520 CVE request for vulnerability in OpenStack Heat",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/20/1"
},
{
"name": "[oss-security] 20140520 Re: CVE request for vulnerability in OpenStack Heat",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/20/6"
},
{
"name": "https://bugs.launchpad.net/heat/+bug/1311223",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/heat/+bug/1311223"
},
{
"name": "RHSA-2014:1687",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1687.html"
}
]
}
}

130
2014/6xxx/CVE-2014-6108.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6108",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name" : "ibm-sim-cve20146108-info-disc(96172)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96172"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146108-info-disc(96172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96172"
}
]
}
}

150
2014/6xxx/CVE-2014-6473.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6473",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "70546",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70546"
},
{
"name" : "1031032",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031032"
},
{
"name" : "61593",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61593"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "1031032",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031032"
},
{
"name": "61593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61593"
},
{
"name": "70546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70546"
}
]
}
}

140
2014/6xxx/CVE-2014-6979.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6979",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MiWay Insurance Ltd (aka com.MiWay.MD) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#714145",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/714145"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MiWay Insurance Ltd (aka com.MiWay.MD) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#714145",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/714145"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7723.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7723",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#727609",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/727609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#727609",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/727609"
}
]
}
}

130
2014/8xxx/CVE-2014-8015.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8015",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-8015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141222 Cisco Identity Services Engine Portal Privilege Elevation Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8015"
},
{
"name" : "1031423",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031423"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141222 Cisco Identity Services Engine Portal Privilege Elevation Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8015"
},
{
"name": "1031423",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031423"
}
]
}
}

34
2014/8xxx/CVE-2014-8053.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8053",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8053",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

190
2014/8xxx/CVE-2014-8082.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8082",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141023 [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533799/100/0/threaded"
},
{
"name" : "20141023 [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Oct/106"
},
{
"name" : "http://karmainsecurity.com/KIS-2014-12",
"refsource" : "MISC",
"url" : "http://karmainsecurity.com/KIS-2014-12"
},
{
"name" : "http://packetstormsecurity.com/files/128824/TestLink-1.9.12-Path-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128824/TestLink-1.9.12-Path-Disclosure.html"
},
{
"name" : "http://mantis.testlink.org/view.php?id=6651",
"refsource" : "CONFIRM",
"url" : "http://mantis.testlink.org/view.php?id=6651"
},
{
"name" : "https://gitorious.org/testlink-ga/testlink-code/commit/c943e7a397f03e1f60b096c7e6eb94fdefd8a569",
"refsource" : "CONFIRM",
"url" : "https://gitorious.org/testlink-ga/testlink-code/commit/c943e7a397f03e1f60b096c7e6eb94fdefd8a569"
},
{
"name" : "70713",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70713"
},
{
"name" : "testlink-cve20148082-path-disclosure(97728)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97728"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141023 [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/106"
},
{
"name": "http://packetstormsecurity.com/files/128824/TestLink-1.9.12-Path-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128824/TestLink-1.9.12-Path-Disclosure.html"
},
{
"name": "http://karmainsecurity.com/KIS-2014-12",
"refsource": "MISC",
"url": "http://karmainsecurity.com/KIS-2014-12"
},
{
"name": "20141023 [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533799/100/0/threaded"
},
{
"name": "http://mantis.testlink.org/view.php?id=6651",
"refsource": "CONFIRM",
"url": "http://mantis.testlink.org/view.php?id=6651"
},
{
"name": "testlink-cve20148082-path-disclosure(97728)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97728"
},
{
"name": "70713",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70713"
},
{
"name": "https://gitorious.org/testlink-ga/testlink-code/commit/c943e7a397f03e1f60b096c7e6eb94fdefd8a569",
"refsource": "CONFIRM",
"url": "https://gitorious.org/testlink-ga/testlink-code/commit/c943e7a397f03e1f60b096c7e6eb94fdefd8a569"
}
]
}
}

130
2014/8xxx/CVE-2014-8307.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the \"drop down TOP menu (with path)\" section or (2) print_this_page variable in the footer_content_block section, as demonstrated by the QUERY_STRING to (a) index.php, (b) checkout.php, (c) contact.php, (d) detail.php, (e) distro.php, (f) newsletter.php, (g) page.php, (h) profile.php, (i) search.php, (j) sitemap.php, (k) task.php, or (l) tell.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140916 [Quantum Leap Advisory] #QLA140808 Cart Engine 3.0 Multiple vulnerabilities - SQL Injection, XSS Reflected, Open Redirect",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Sep/55"
},
{
"name" : "http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect",
"refsource" : "MISC",
"url" : "http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the \"drop down TOP menu (with path)\" section or (2) print_this_page variable in the footer_content_block section, as demonstrated by the QUERY_STRING to (a) index.php, (b) checkout.php, (c) contact.php, (d) detail.php, (e) distro.php, (f) newsletter.php, (g) page.php, (h) profile.php, (i) search.php, (j) sitemap.php, (k) task.php, or (l) tell.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect",
"refsource": "MISC",
"url": "http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect"
},
{
"name": "20140916 [Quantum Leap Advisory] #QLA140808 Cart Engine 3.0 Multiple vulnerabilities - SQL Injection, XSS Reflected, Open Redirect",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/55"
}
]
}
}

220
2014/8xxx/CVE-2014-8990.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8990",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141119 CVE request: lsyncd command injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/19/1"
},
{
"name" : "[oss-security] 20141120 Re: CVE request: lsyncd command injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/20/5"
},
{
"name" : "https://github.com/axkibe/lsyncd/commit/18f02ad013b41a72753912155ae2ba72f2a53e52",
"refsource" : "CONFIRM",
"url" : "https://github.com/axkibe/lsyncd/commit/18f02ad013b41a72753912155ae2ba72f2a53e52"
},
{
"name" : "https://github.com/axkibe/lsyncd/commit/e6016b3748370878778b8f0b568d5281cc248aa4",
"refsource" : "CONFIRM",
"url" : "https://github.com/axkibe/lsyncd/commit/e6016b3748370878778b8f0b568d5281cc248aa4"
},
{
"name" : "https://github.com/axkibe/lsyncd/issues/220",
"refsource" : "CONFIRM",
"url" : "https://github.com/axkibe/lsyncd/issues/220"
},
{
"name" : "DSA-3130",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3130"
},
{
"name" : "FEDORA-2014-15373",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145131.html"
},
{
"name" : "FEDORA-2014-15393",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145114.html"
},
{
"name" : "GLSA-201702-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-05"
},
{
"name" : "71179",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71179"
},
{
"name" : "62321",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62321"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62321",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62321"
},
{
"name": "FEDORA-2014-15373",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145131.html"
},
{
"name": "[oss-security] 20141119 CVE request: lsyncd command injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/19/1"
},
{
"name": "https://github.com/axkibe/lsyncd/issues/220",
"refsource": "CONFIRM",
"url": "https://github.com/axkibe/lsyncd/issues/220"
},
{
"name": "71179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71179"
},
{
"name": "https://github.com/axkibe/lsyncd/commit/e6016b3748370878778b8f0b568d5281cc248aa4",
"refsource": "CONFIRM",
"url": "https://github.com/axkibe/lsyncd/commit/e6016b3748370878778b8f0b568d5281cc248aa4"
},
{
"name": "FEDORA-2014-15393",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145114.html"
},
{
"name": "DSA-3130",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3130"
},
{
"name": "https://github.com/axkibe/lsyncd/commit/18f02ad013b41a72753912155ae2ba72f2a53e52",
"refsource": "CONFIRM",
"url": "https://github.com/axkibe/lsyncd/commit/18f02ad013b41a72753912155ae2ba72f2a53e52"
},
{
"name": "[oss-security] 20141120 Re: CVE request: lsyncd command injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/20/5"
},
{
"name": "GLSA-201702-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-05"
}
]
}
}

170
2016/2xxx/CVE-2016-2054.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a \"config\" command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"name" : "[Xymon] 20160208 Xymon 4.3.25 - Important Security Update",
"refsource" : "MLIST",
"url" : "http://lists.xymon.com/archive/2016-February/042986.html"
},
{
"name" : "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
},
{
"name" : "https://sourceforge.net/p/xymon/code/7859/",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/xymon/code/7859/"
},
{
"name" : "https://sourceforge.net/p/xymon/code/7860/",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/xymon/code/7860/"
},
{
"name" : "DSA-3495",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3495"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a \"config\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/xymon/code/7859/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/xymon/code/7859/"
},
{
"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"name": "DSA-3495",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"name": "[Xymon] 20160208 Xymon 4.3.25 - Important Security Update",
"refsource": "MLIST",
"url": "http://lists.xymon.com/archive/2016-February/042986.html"
},
{
"name": "https://sourceforge.net/p/xymon/code/7860/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/xymon/code/7860/"
},
{
"name": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
}
]
}
}

156
2016/2xxx/CVE-2016-2120.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2016-2120",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "pdns",
"version" : {
"version_data" : [
{
"version_value" : "up to and including 3.4.10"
},
{
"version_value" : "up to and including 4.0.1"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-190"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "up to and including 3.4.10"
},
{
"version_value": "up to and including 4.0.1"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120"
},
{
"name" : "DSA-3764",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3764"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3764",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120"
}
]
}
}

140
2016/2xxx/CVE-2016-2145.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2145",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[modmellon] 20160309 security update: mod_auth_mellon version 0.11.1",
"refsource" : "MLIST",
"url" : "https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html"
},
{
"name" : "https://github.com/UNINETT/mod_auth_mellon/pull/71",
"refsource" : "CONFIRM",
"url" : "https://github.com/UNINETT/mod_auth_mellon/pull/71"
},
{
"name" : "FEDORA-2016-5cf6959198",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[modmellon] 20160309 security update: mod_auth_mellon version 0.11.1",
"refsource": "MLIST",
"url": "https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html"
},
{
"name": "https://github.com/UNINETT/mod_auth_mellon/pull/71",
"refsource": "CONFIRM",
"url": "https://github.com/UNINETT/mod_auth_mellon/pull/71"
},
{
"name": "FEDORA-2016-5cf6959198",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html"
}
]
}
}

170
2016/2xxx/CVE-2016-2370.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-2370",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Pidgin",
"version" : {
"version_data" : [
{
"version_value" : "2.10.11"
}
]
}
}
]
},
"vendor_name" : "Pidgin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pidgin",
"version": {
"version_data": [
{
"version_value": "2.10.11"
}
]
}
}
]
},
"vendor_name": "Pidgin"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.talosintelligence.com/reports/TALOS-2016-0138/",
"refsource" : "MISC",
"url" : "http://www.talosintelligence.com/reports/TALOS-2016-0138/"
},
{
"name" : "http://www.pidgin.im/news/security/?id=103",
"refsource" : "CONFIRM",
"url" : "http://www.pidgin.im/news/security/?id=103"
},
{
"name" : "DSA-3620",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3620"
},
{
"name" : "GLSA-201701-38",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-38"
},
{
"name" : "USN-3031-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3031-1"
},
{
"name" : "91335",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91335"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91335"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0138/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0138/"
},
{
"name": "DSA-3620",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3620"
},
{
"name": "http://www.pidgin.im/news/security/?id=103",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/?id=103"
},
{
"name": "GLSA-201701-38",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-38"
},
{
"name": "USN-3031-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3031-1"
}
]
}
}

150
2016/2xxx/CVE-2016-2402.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2402",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160210 CVE request - OkHttp Certificate Pining Bypass",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/02/10/8"
},
{
"name" : "[oss-security] 20160217 Re: CVE request - OkHttp Certificate Pining Bypass",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/02/18/7"
},
{
"name" : "https://koz.io/pinning-cve-2016-2402/",
"refsource" : "MISC",
"url" : "https://koz.io/pinning-cve-2016-2402/"
},
{
"name" : "https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/",
"refsource" : "CONFIRM",
"url" : "https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://koz.io/pinning-cve-2016-2402/",
"refsource": "MISC",
"url": "https://koz.io/pinning-cve-2016-2402/"
},
{
"name": "https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/",
"refsource": "CONFIRM",
"url": "https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/"
},
{
"name": "[oss-security] 20160210 CVE request - OkHttp Certificate Pining Bypass",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/10/8"
},
{
"name": "[oss-security] 20160217 Re: CVE request - OkHttp Certificate Pining Bypass",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/18/7"
}
]
}
}

240
2016/2xxx/CVE-2016-2513.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2513",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab",
"refsource" : "CONFIRM",
"url" : "https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab"
},
{
"name" : "https://www.djangoproject.com/weblog/2016/mar/01/security-releases/",
"refsource" : "CONFIRM",
"url" : "https://www.djangoproject.com/weblog/2016/mar/01/security-releases/"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "DSA-3544",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3544"
},
{
"name" : "RHSA-2016:0504",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0504.html"
},
{
"name" : "RHSA-2016:0502",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0502.html"
},
{
"name" : "RHSA-2016:0505",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0505.html"
},
{
"name" : "RHSA-2016:0506",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0506.html"
},
{
"name" : "USN-2915-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2915-1"
},
{
"name" : "USN-2915-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2915-2"
},
{
"name" : "USN-2915-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2915-3"
},
{
"name" : "83878",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/83878"
},
{
"name" : "1035152",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035152"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0506",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0506.html"
},
{
"name": "https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab",
"refsource": "CONFIRM",
"url": "https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab"
},
{
"name": "1035152",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035152"
},
{
"name": "RHSA-2016:0504",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0504.html"
},
{
"name": "DSA-3544",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3544"
},
{
"name": "RHSA-2016:0502",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0502.html"
},
{
"name": "USN-2915-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2915-3"
},
{
"name": "83878",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83878"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "USN-2915-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2915-2"
},
{
"name": "RHSA-2016:0505",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0505.html"
},
{
"name": "USN-2915-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2915-1"
},
{
"name": "https://www.djangoproject.com/weblog/2016/mar/01/security-releases/",
"refsource": "CONFIRM",
"url": "https://www.djangoproject.com/weblog/2016/mar/01/security-releases/"
}
]
}
}

140
2017/18xxx/CVE-2017-18047.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18047",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42011",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42011/"
},
{
"name" : "43236",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43236/"
},
{
"name" : "43518",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43518/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43236",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43236/"
},
{
"name": "43518",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43518/"
},
{
"name": "42011",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42011/"
}
]
}
}

120
2017/18xxx/CVE-2017-18244.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18244",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.libav.org/show_bug.cgi?id=1105",
"refsource" : "MISC",
"url" : "https://bugzilla.libav.org/show_bug.cgi?id=1105"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.libav.org/show_bug.cgi?id=1105",
"refsource": "MISC",
"url": "https://bugzilla.libav.org/show_bug.cgi?id=1105"
}
]
}
}

140
2017/18xxx/CVE-2017-18345.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44252",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44252"
},
{
"name" : "https://cxsecurity.com/issue/WLB-2018030054",
"refsource" : "MISC",
"url" : "https://cxsecurity.com/issue/WLB-2018030054"
},
{
"name" : "https://vel.joomla.org/vel-blog/2020-joomanager-2-0-0-other",
"refsource" : "MISC",
"url" : "https://vel.joomla.org/vel-blog/2020-joomanager-2-0-0-other"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vel.joomla.org/vel-blog/2020-joomanager-2-0-0-other",
"refsource": "MISC",
"url": "https://vel.joomla.org/vel-blog/2020-joomanager-2-0-0-other"
},
{
"name": "44252",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44252"
},
{
"name": "https://cxsecurity.com/issue/WLB-2018030054",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2018030054"
}
]
}
}

34
2017/1xxx/CVE-2017-1880.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1880",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1880",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

130
2017/5xxx/CVE-2017-5233.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@rapid7.com",
"ID" : "CVE-2017-5233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "AppSpider Pro",
"version" : {
"version_data" : [
{
"version_value" : "All versions prior to version 6.14.053"
}
]
}
}
]
},
"vendor_name" : "Rapid7"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DLL Preloading"
}
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AppSpider Pro",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 6.14.053"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products",
"refsource" : "CONFIRM",
"url" : "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
},
{
"name" : "96957",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96957"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Preloading"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products",
"refsource": "CONFIRM",
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
},
{
"name": "96957",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96957"
}
]
}
}

132
2017/5xxx/CVE-2017-5700.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2017-10-06T00:00:00",
"ID" : "CVE-2017-5700",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NUC Kits",
"version" : {
"version_data" : [
{
"version_value" : "BN0049 and below"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2017-10-06T00:00:00",
"ID": "CVE-2017-5700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NUC Kits",
"version": {
"version_data": [
{
"version_value": "BN0049 and below"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr",
"refsource" : "CONFIRM",
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr"
},
{
"name" : "101241",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101241"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr"
},
{
"name": "101241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101241"
}
]
}
}