admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:25:52 +00:00
parent ae274a3c64
commit 856935b7e3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
45 changed files with 3554 additions and 3554 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

198
2006/0xxx/CVE-2006-0472.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0472",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060126 [eVuln] \"my little homepage\" products [link] BBCode XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423167/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/51/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/51/summary.html"
},
{
"name" : "20060130 My Little Homepage - source verify of different products",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2006-January/000520.html"
},
{
"name" : "http://evuln.com/vulns/51/",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/51/"
},
{
"name" : "16395",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16395"
},
{
"name" : "ADV-2006-0349",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0349"
},
{
"name" : "22855",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22855"
},
{
"name" : "18628",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18628"
},
{
"name" : "mylittlehomepage-link-tag-xss(24310)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24310"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060130 My Little Homepage - source verify of different products",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-January/000520.html"
},
{
"name": "18628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18628"
},
{
"name": "http://evuln.com/vulns/51/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/51/summary.html"
},
{
"name": "16395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16395"
},
{
"name": "20060126 [eVuln] \"my little homepage\" products [link] BBCode XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423167/100/0/threaded"
},
{
"name": "ADV-2006-0349",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0349"
},
{
"name": "http://evuln.com/vulns/51/",
"refsource": "MISC",
"url": "http://evuln.com/vulns/51/"
},
{
"name": "22855",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22855"
},
{
"name": "mylittlehomepage-link-tag-xss(24310)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24310"
}
]
}
}

248
2006/0xxx/CVE-2006-0735.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0735",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060215 [eVuln] My Blog BBCode XSS Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425087/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/79/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/79/summary.html"
},
{
"name" : "20060215 [eVuln] M. Blom HTML::BBCode perl module XSS Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425113/100/0/threaded"
},
{
"name" : "http://www.evuln.com/vulns/80/summary.html",
"refsource" : "MISC",
"url" : "http://www.evuln.com/vulns/80/summary.html"
},
{
"name" : "http://menno.b10m.net/perl/HTML-BBCode/Changes",
"refsource" : "CONFIRM",
"url" : "http://menno.b10m.net/perl/HTML-BBCode/Changes"
},
{
"name" : "http://menno.b10m.net/perl/dists/HTML-BBCode-1.05.tar.gz",
"refsource" : "CONFIRM",
"url" : "http://menno.b10m.net/perl/dists/HTML-BBCode-1.05.tar.gz"
},
{
"name" : "http://fuzzymonkey.net/forum/viewtopic.php?t=856",
"refsource" : "CONFIRM",
"url" : "http://fuzzymonkey.net/forum/viewtopic.php?t=856"
},
{
"name" : "http://evuln.com/vulns/80/summary.html",
"refsource" : "CONFIRM",
"url" : "http://evuln.com/vulns/80/summary.html"
},
{
"name" : "16659",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16659"
},
{
"name" : "ADV-2006-0614",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0614"
},
{
"name" : "ADV-2006-0642",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0642"
},
{
"name" : "18905",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18905"
},
{
"name" : "18925",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18925"
},
{
"name" : "myblog-bbcode-xss(24668)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24668"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://fuzzymonkey.net/forum/viewtopic.php?t=856",
"refsource": "CONFIRM",
"url": "http://fuzzymonkey.net/forum/viewtopic.php?t=856"
},
{
"name": "20060215 [eVuln] My Blog BBCode XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425087/100/0/threaded"
},
{
"name": "http://evuln.com/vulns/79/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/79/summary.html"
},
{
"name": "http://evuln.com/vulns/80/summary.html",
"refsource": "CONFIRM",
"url": "http://evuln.com/vulns/80/summary.html"
},
{
"name": "18905",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18905"
},
{
"name": "myblog-bbcode-xss(24668)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24668"
},
{
"name": "ADV-2006-0642",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0642"
},
{
"name": "16659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16659"
},
{
"name": "http://www.evuln.com/vulns/80/summary.html",
"refsource": "MISC",
"url": "http://www.evuln.com/vulns/80/summary.html"
},
{
"name": "http://menno.b10m.net/perl/dists/HTML-BBCode-1.05.tar.gz",
"refsource": "CONFIRM",
"url": "http://menno.b10m.net/perl/dists/HTML-BBCode-1.05.tar.gz"
},
{
"name": "18925",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18925"
},
{
"name": "20060215 [eVuln] M. Blom HTML::BBCode perl module XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425113/100/0/threaded"
},
{
"name": "ADV-2006-0614",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0614"
},
{
"name": "http://menno.b10m.net/perl/HTML-BBCode/Changes",
"refsource": "CONFIRM",
"url": "http://menno.b10m.net/perl/HTML-BBCode/Changes"
}
]
}
}

148
2006/0xxx/CVE-2006-0839.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0839",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060217 SNORT Incorrect fragmented packet reassembly",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425290/100/0/threaded"
},
{
"name" : "16705",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16705"
},
{
"name" : "18959",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18959"
},
{
"name" : "snort-frag3-detection-bypass(24811)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24811"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060217 SNORT Incorrect fragmented packet reassembly",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425290/100/0/threaded"
},
{
"name": "16705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16705"
},
{
"name": "18959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18959"
},
{
"name": "snort-frag3-detection-bypass(24811)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24811"
}
]
}
}

198
2006/0xxx/CVE-2006-0841.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0841",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"name" : "http://morph3us.org/advisories/20060214-mantis-100rc4.txt",
"refsource" : "MISC",
"url" : "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"name" : "http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059",
"refsource" : "MISC",
"url" : "http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963",
"refsource" : "MISC",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963"
},
{
"name" : "DSA-1133",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1133"
},
{
"name" : "16657",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16657"
},
{
"name" : "23248",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23248"
},
{
"name" : "22487",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22487"
},
{
"name" : "21400",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21400"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16657"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963"
},
{
"name": "21400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"name": "23248",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23248"
},
{
"name": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt",
"refsource": "MISC",
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"name": "22487",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22487"
},
{
"name": "http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059",
"refsource": "MISC",
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059"
}
]
}
}

158
2006/1xxx/CVE-2006-1048.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.joomla.org/content/view/938/78/",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/content/view/938/78/"
},
{
"name" : "ADV-2006-0818",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0818"
},
{
"name" : "23822",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23822"
},
{
"name" : "19105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19105"
},
{
"name" : "joomla-multiple-bypass-security(25033)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25033"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0818",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0818"
},
{
"name": "19105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19105"
},
{
"name": "joomla-multiple-bypass-security(25033)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25033"
},
{
"name": "http://www.joomla.org/content/view/938/78/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/938/78/"
},
{
"name": "23822",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23822"
}
]
}
}

32
2006/1xxx/CVE-2006-1171.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1171",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-1171",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}

168
2006/1xxx/CVE-2006-1200.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1200",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060306 link bank code execution and xss",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426932/100/0/threaded"
},
{
"name" : "17004",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17004"
},
{
"name" : "ADV-2006-0885",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0885"
},
{
"name" : "23750",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23750"
},
{
"name" : "19154",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19154"
},
{
"name" : "553",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/553"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19154"
},
{
"name": "553",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/553"
},
{
"name": "23750",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23750"
},
{
"name": "17004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17004"
},
{
"name": "20060306 link bank code execution and xss",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426932/100/0/threaded"
},
{
"name": "ADV-2006-0885",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0885"
}
]
}
}

228
2006/1xxx/CVE-2006-1982.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1982",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.security-protocols.com/sp-x24-advisory.php",
"refsource" : "MISC",
"url" : "http://www.security-protocols.com/sp-x24-advisory.php"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=303411",
"refsource" : "MISC",
"url" : "http://docs.info.apple.com/article.html?artnum=303411"
},
{
"name" : "http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233",
"refsource" : "MISC",
"url" : "http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233"
},
{
"name" : "APPLE-SA-2006-05-11",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name" : "TA06-132A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name" : "17634",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17634"
},
{
"name" : "17951",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17951"
},
{
"name" : "ADV-2006-1452",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1452"
},
{
"name" : "ADV-2006-1779",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name" : "31837",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/31837"
},
{
"name" : "19686",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19686"
},
{
"name" : "20077",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20077"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "ADV-2006-1779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=303411",
"refsource": "MISC",
"url": "http://docs.info.apple.com/article.html?artnum=303411"
},
{
"name": "http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233",
"refsource": "MISC",
"url": "http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233"
},
{
"name": "http://www.security-protocols.com/sp-x24-advisory.php",
"refsource": "MISC",
"url": "http://www.security-protocols.com/sp-x24-advisory.php"
},
{
"name": "APPLE-SA-2006-05-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "ADV-2006-1452",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1452"
},
{
"name": "17634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17634"
},
{
"name": "20077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20077"
},
{
"name": "31837",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31837"
},
{
"name": "19686",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19686"
}
]
}
}

158
2006/4xxx/CVE-2006-4232.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4232",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[security-announce] 20060815 Proxy Generation Tool Vulnerability",
"refsource" : "MLIST",
"url" : "http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html"
},
{
"name" : "19549",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19549"
},
{
"name" : "ADV-2006-3290",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3290"
},
{
"name" : "21516",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21516"
},
{
"name" : "globus-grid-proxy-race-condition(28408)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28408"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"name": "globus-grid-proxy-race-condition(28408)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28408"
},
{
"name": "[security-announce] 20060815 Proxy Generation Tool Vulnerability",
"refsource": "MLIST",
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html"
},
{
"name": "21516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21516"
},
{
"name": "19549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19549"
}
]
}
}

128
2006/4xxx/CVE-2006-4351.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060815 OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443631/100/0/threaded"
},
{
"name" : "1448",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1448"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060815 OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443631/100/0/threaded"
},
{
"name": "1448",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1448"
}
]
}
}

188
2006/4xxx/CVE-2006-4877.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4877",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060916 PHP-Post Multiple Input Validation Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446318/100/0/threaded"
},
{
"name" : "20061",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20061"
},
{
"name" : "ADV-2006-3688",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3688"
},
{
"name" : "28965",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28965"
},
{
"name" : "28966",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28966"
},
{
"name" : "28967",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28967"
},
{
"name" : "22014",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22014"
},
{
"name" : "1607",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1607"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20061"
},
{
"name": "ADV-2006-3688",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3688"
},
{
"name": "28966",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28966"
},
{
"name": "1607",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1607"
},
{
"name": "28967",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28967"
},
{
"name": "22014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22014"
},
{
"name": "20060916 PHP-Post Multiple Input Validation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446318/100/0/threaded"
},
{
"name": "28965",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28965"
}
]
}
}

158
2006/4xxx/CVE-2006-4913.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4913",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2389",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2389"
},
{
"name" : "20088",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20088"
},
{
"name" : "ADV-2006-3684",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3684"
},
{
"name" : "21961",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21961"
},
{
"name" : "alstrasoft-getstartoptions-file-include(29006)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29006"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20088"
},
{
"name": "ADV-2006-3684",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3684"
},
{
"name": "2389",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2389"
},
{
"name": "21961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21961"
},
{
"name": "alstrasoft-getstartoptions-file-include(29006)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29006"
}
]
}
}

118
2006/5xxx/CVE-2006-5197.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5197",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PDshopPro stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) /pdshoppro.mdb, (2) /data/pdshoppro.mdb, or (3) /shoppro/data/pdshoppro.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1016852",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016852"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PDshopPro stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) /pdshoppro.mdb, (2) /data/pdshoppro.mdb, or (3) /shoppro/data/pdshoppro.mdb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016852",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016852"
}
]
}
}

168
2006/5xxx/CVE-2006-5677.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5677",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and earlier allows local users to create arbitrary files via a symlink attack on (1) a job output file in /usr/spool/PBS/spool and possibly (2) a job file in /usr/spool/PBS/mom_priv/jobs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061018 TORQUE Spool Job Race condition (torque <= 2.0.0p8)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449248/100/200/threaded"
},
{
"name" : "http://csirt.fe.up.pt/docs/TORQUE-audit.pdf",
"refsource" : "MISC",
"url" : "http://csirt.fe.up.pt/docs/TORQUE-audit.pdf"
},
{
"name" : "GLSA-200611-14",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200611-14.xml"
},
{
"name" : "20632",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20632"
},
{
"name" : "ADV-2006-4651",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4651"
},
{
"name" : "1820",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1820"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and earlier allows local users to create arbitrary files via a symlink attack on (1) a job output file in /usr/spool/PBS/spool and possibly (2) a job file in /usr/spool/PBS/mom_priv/jobs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061018 TORQUE Spool Job Race condition (torque <= 2.0.0p8)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449248/100/200/threaded"
},
{
"name": "GLSA-200611-14",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200611-14.xml"
},
{
"name": "ADV-2006-4651",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4651"
},
{
"name": "1820",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1820"
},
{
"name": "20632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20632"
},
{
"name": "http://csirt.fe.up.pt/docs/TORQUE-audit.pdf",
"refsource": "MISC",
"url": "http://csirt.fe.up.pt/docs/TORQUE-audit.pdf"
}
]
}
}

158
2010/0xxx/CVE-2010-0764.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0764",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1002-exploits/esmile-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1002-exploits/esmile-sql.txt"
},
{
"name" : "11382",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11382"
},
{
"name" : "62272",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62272"
},
{
"name" : "38548",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38548"
},
{
"name" : "esmile-index-sql-injection(56206)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56206"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62272",
"refsource": "OSVDB",
"url": "http://osvdb.org/62272"
},
{
"name": "11382",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11382"
},
{
"name": "esmile-index-sql-injection(56206)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56206"
},
{
"name": "38548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38548"
},
{
"name": "http://packetstormsecurity.org/1002-exploits/esmile-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1002-exploits/esmile-sql.txt"
}
]
}
}

138
2010/2xxx/CVE-2010-2106.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2106",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=16535",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=16535"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html"
},
{
"name" : "oval:org.mitre.oval:def:11644",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11644"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=16535",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=16535"
},
{
"name": "oval:org.mitre.oval:def:11644",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11644"
}
]
}
}

32
2010/2xxx/CVE-2010-2972.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2972",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1797. Reason: This candidate is a duplicate of CVE-2010-1797. Notes: All CVE users should reference CVE-2010-1797 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-2972",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1797. Reason: This candidate is a duplicate of CVE-2010-1797. Notes: All CVE users should reference CVE-2010-1797 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

118
2010/3xxx/CVE-2010-3360.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3360",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598291",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598291"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598291",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598291"
}
]
}
}

188
2010/4xxx/CVE-2010-4294.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4294",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name" : "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2010-0018.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name" : "45169",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45169"
},
{
"name" : "69596",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69596"
},
{
"name" : "1024819",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024819"
},
{
"name" : "42482",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42482"
},
{
"name" : "ADV-2010-3116",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3116"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45169"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "69596",
"refsource": "OSVDB",
"url": "http://osvdb.org/69596"
},
{
"name": "1024819",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3116"
}
]
}
}

208
2010/4xxx/CVE-2010-4295.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4295",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name" : "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2010-0018.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name" : "45167",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45167"
},
{
"name" : "69585",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69585"
},
{
"name" : "1024819",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024819"
},
{
"name" : "1024820",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024820"
},
{
"name" : "42453",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42453"
},
{
"name" : "42482",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42482"
},
{
"name" : "ADV-2010-3116",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3116"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"name": "69585",
"refsource": "OSVDB",
"url": "http://osvdb.org/69585"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45167"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "42453",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42453"
},
{
"name": "1024819",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"name": "1024820",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024820"
}
]
}
}

128
2010/4xxx/CVE-2010-4322.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4322",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101210 Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/515147/100/0/threaded"
},
{
"name" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Novell-Vibe-Beta-3-XSS-vulnerability.html",
"refsource" : "MISC",
"url" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Novell-Vibe-Beta-3-XSS-vulnerability.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Novell-Vibe-Beta-3-XSS-vulnerability.html",
"refsource": "MISC",
"url": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Novell-Vibe-Beta-3-XSS-vulnerability.html"
},
{
"name": "20101210 Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515147/100/0/threaded"
}
]
}
}

118
2010/4xxx/CVE-2010-4354.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4354",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101129 Cisco IPSec VPN Implementation Group Name Enumeration Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_response09186a0080b5992c.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20101129 Cisco IPSec VPN Implementation Group Name Enumeration Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080b5992c.html"
}
]
}
}

128
2011/5xxx/CVE-2011-5256.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5256",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://limesurvey.svn.sourceforge.net/viewvc/limesurvey/source/limesurvey/docs/release_notes.txt?view=markup",
"refsource" : "CONFIRM",
"url" : "http://limesurvey.svn.sourceforge.net/viewvc/limesurvey/source/limesurvey/docs/release_notes.txt?view=markup"
},
{
"name" : "46831",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46831"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://limesurvey.svn.sourceforge.net/viewvc/limesurvey/source/limesurvey/docs/release_notes.txt?view=markup",
"refsource": "CONFIRM",
"url": "http://limesurvey.svn.sourceforge.net/viewvc/limesurvey/source/limesurvey/docs/release_notes.txt?view=markup"
},
{
"name": "46831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46831"
}
]
}
}

168
2014/3xxx/CVE-2014-3022.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3022",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681249",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681249"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"name" : "PI09594",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI09594"
},
{
"name" : "68211",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68211"
},
{
"name" : "ibm-was-cve20143022-info-disc(93060)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93060"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI09594",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI09594"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"name": "68211",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68211"
},
{
"name": "ibm-was-cve20143022-info-disc(93060)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93060"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681249",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681249"
}
]
}
}

438
2014/3xxx/CVE-2014-3466.json
View File

@ -1,222 +1,222 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3466",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/",
"refsource" : "MISC",
"url" : "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/"
},
{
"name" : "http://www.gnutls.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://www.gnutls.org/security.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101932",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101932"
},
{
"name" : "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd",
"refsource" : "CONFIRM",
"url" : "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-0595.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-0595.html"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-0594.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678776",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678776"
},
{
"name" : "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155",
"refsource" : "CONFIRM",
"url" : "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155"
},
{
"name" : "http://www.novell.com/support/kb/doc.php?id=7015302",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"name" : "http://www.novell.com/support/kb/doc.php?id=7015303",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"name" : "DSA-2944",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2944"
},
{
"name" : "RHSA-2014:0594",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"name" : "RHSA-2014:0815",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"name" : "RHSA-2014:0595",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0595.html"
},
{
"name" : "RHSA-2014:0684",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0684.html"
},
{
"name" : "openSUSE-SU-2014:0763",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html"
},
{
"name" : "openSUSE-SU-2014:0767",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html"
},
{
"name" : "SUSE-SU-2014:0758",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"name" : "SUSE-SU-2014:0788",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"name" : "USN-2229-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2229-1"
},
{
"name" : "67741",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67741"
},
{
"name" : "1030314",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030314"
},
{
"name" : "58340",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58340"
},
{
"name" : "58598",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58598"
},
{
"name" : "58601",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58601"
},
{
"name" : "58642",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58642"
},
{
"name" : "59016",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59016"
},
{
"name" : "59057",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59057"
},
{
"name" : "59086",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59086"
},
{
"name" : "59021",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59021"
},
{
"name" : "59838",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59838"
},
{
"name" : "60384",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60384"
},
{
"name" : "59408",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59408"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gnutls.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.gnutls.org/security.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678776",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678776"
},
{
"name": "DSA-2944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2944"
},
{
"name": "58340",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58340"
},
{
"name": "RHSA-2014:0595",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0595.html"
},
{
"name": "USN-2229-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2229-1"
},
{
"name": "58642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58642"
},
{
"name": "67741",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67741"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7015302",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"name": "59057",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59057"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0595.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0595.html"
},
{
"name": "59086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59086"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1101932",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101932"
},
{
"name": "SUSE-SU-2014:0758",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"name": "RHSA-2014:0684",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0684.html"
},
{
"name": "openSUSE-SU-2014:0763",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html"
},
{
"name": "59021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59021"
},
{
"name": "RHSA-2014:0815",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"name": "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/",
"refsource": "MISC",
"url": "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7015303",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0594.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"name": "58598",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58598"
},
{
"name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155",
"refsource": "CONFIRM",
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155"
},
{
"name": "59838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59838"
},
{
"name": "SUSE-SU-2014:0788",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"name": "60384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60384"
},
{
"name": "RHSA-2014:0594",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"name": "59016",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59016"
},
{
"name": "openSUSE-SU-2014:0767",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html"
},
{
"name": "58601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58601"
},
{
"name": "59408",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59408"
},
{
"name": "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd",
"refsource": "CONFIRM",
"url": "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd"
},
{
"name": "1030314",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030314"
}
]
}
}

138
2014/3xxx/CVE-2014-3909.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3909",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in Falcon WisePoint 4.1.19.7 and earlier allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-3909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://service.falconsc.com/service/product/patch/index.html",
"refsource" : "MISC",
"url" : "https://service.falconsc.com/service/product/patch/index.html"
},
{
"name" : "JVN#49672671",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN49672671/index.html"
},
{
"name" : "JVNDB-2014-000084",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000084"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in Falcon WisePoint 4.1.19.7 and earlier allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#49672671",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN49672671/index.html"
},
{
"name": "https://service.falconsc.com/service/product/patch/index.html",
"refsource": "MISC",
"url": "https://service.falconsc.com/service/product/patch/index.html"
},
{
"name": "JVNDB-2014-000084",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000084"
}
]
}
}

208
2014/4xxx/CVE-2014-4479.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4479",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/HT204243",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/HT204243"
},
{
"name" : "http://support.apple.com/HT204245",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/HT204245"
},
{
"name" : "http://support.apple.com/HT204246",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/HT204246"
},
{
"name" : "https://support.apple.com/kb/HT204949",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT204949"
},
{
"name" : "APPLE-SA-2015-01-27-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name" : "APPLE-SA-2015-01-27-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"name" : "APPLE-SA-2015-01-27-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00002.html"
},
{
"name" : "APPLE-SA-2015-06-30-6",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html"
},
{
"name" : "72330",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72330"
},
{
"name" : "1031647",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031647"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031647",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031647"
},
{
"name": "http://support.apple.com/HT204245",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204245"
},
{
"name": "http://support.apple.com/HT204246",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204246"
},
{
"name": "APPLE-SA-2015-06-30-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html"
},
{
"name": "http://support.apple.com/HT204243",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204243"
},
{
"name": "APPLE-SA-2015-01-27-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"name": "APPLE-SA-2015-01-27-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00002.html"
},
{
"name": "https://support.apple.com/kb/HT204949",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT204949"
},
{
"name": "72330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72330"
},
{
"name": "APPLE-SA-2015-01-27-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
}
]
}
}

288
2014/4xxx/CVE-2014-4667.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4667",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140627 Re: CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/06/27/11"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d3217b15a19a4779c39b212358a5c71d725822ee",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d3217b15a19a4779c39b212358a5c71d725822ee"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1113967",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1113967"
},
{
"name" : "https://github.com/torvalds/linux/commit/d3217b15a19a4779c39b212358a5c71d725822ee",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/d3217b15a19a4779c39b212358a5c71d725822ee"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-3068.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-3068.html"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-3069.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-3069.html"
},
{
"name" : "DSA-2992",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2992"
},
{
"name" : "SUSE-SU-2014:1316",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
},
{
"name" : "SUSE-SU-2014:1319",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
},
{
"name" : "SUSE-SU-2015:0812",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
},
{
"name" : "USN-2334-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2334-1"
},
{
"name" : "USN-2335-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2335-1"
},
{
"name" : "68224",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68224"
},
{
"name" : "59777",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59777"
},
{
"name" : "60564",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60564"
},
{
"name" : "59790",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59790"
},
{
"name" : "60596",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60596"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/d3217b15a19a4779c39b212358a5c71d725822ee",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/d3217b15a19a4779c39b212358a5c71d725822ee"
},
{
"name": "SUSE-SU-2014:1316",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
},
{
"name": "[oss-security] 20140627 Re: CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/27/11"
},
{
"name": "59790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59790"
},
{
"name": "USN-2335-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2335-1"
},
{
"name": "USN-2334-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2334-1"
},
{
"name": "SUSE-SU-2014:1319",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
},
{
"name": "60564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60564"
},
{
"name": "68224",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68224"
},
{
"name": "59777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59777"
},
{
"name": "60596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60596"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-3068.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-3068.html"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-3069.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-3069.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1113967",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113967"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"
},
{
"name": "DSA-2992",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2992"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d3217b15a19a4779c39b212358a5c71d725822ee",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d3217b15a19a4779c39b212358a5c71d725822ee"
},
{
"name": "SUSE-SU-2015:0812",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
]
}
}

138
2014/8xxx/CVE-2014-8349.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8349",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141120 CVE-2014-8349 LIFERAY Portal Stored XSS",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Nov/61"
},
{
"name" : "http://packetstormsecurity.com/files/129199/Liferay-Portal-6.2-EE-SP8-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129199/Liferay-Portal-6.2-EE-SP8-Cross-Site-Scripting.html"
},
{
"name" : "1031255",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031255"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031255",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031255"
},
{
"name": "http://packetstormsecurity.com/files/129199/Liferay-Portal-6.2-EE-SP8-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129199/Liferay-Portal-6.2-EE-SP8-Cross-Site-Scripting.html"
},
{
"name": "20141120 CVE-2014-8349 LIFERAY Portal Stored XSS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/61"
}
]
}
}

118
2014/8xxx/CVE-2014-8448.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8448",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2014-8448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://helpx.adobe.com/security/products/reader/apsb14-28.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/reader/apsb14-28.html"
}
]
}
}

32
2014/8xxx/CVE-2014-8862.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8862",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8862",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

32
2014/8xxx/CVE-2014-8908.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8908",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8908",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2014/9xxx/CVE-2014-9248.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9248",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-9248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing",
"refsource" : "CONFIRM",
"url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"
},
{
"name" : "VU#449452",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/449452"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#449452",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/449452"
},
{
"name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing",
"refsource": "CONFIRM",
"url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"
}
]
}
}

138
2014/9xxx/CVE-2014-9345.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a list_zone action to cgi/client.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35463",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35463"
},
{
"name" : "http://packetstormsecurity.com/files/129390/Advertise-With-Pleasure-AWP-6.6-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129390/Advertise-With-Pleasure-AWP-6.6-SQL-Injection.html"
},
{
"name" : "115317",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/115317"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a list_zone action to cgi/client.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129390/Advertise-With-Pleasure-AWP-6.6-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129390/Advertise-With-Pleasure-AWP-6.6-SQL-Injection.html"
},
{
"name": "35463",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35463"
},
{
"name": "115317",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/115317"
}
]
}
}

118
2014/9xxx/CVE-2014-9416.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9416",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm"
}
]
}
}

128
2014/9xxx/CVE-2014-9951.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2014-9951",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Exposure Through Timing Discrepancy Vulnerability in TrustZone"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-05-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name" : "98252",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98252"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure Through Timing Discrepancy Vulnerability in TrustZone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98252"
},
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
}
]
}
}

188
2016/2xxx/CVE-2016-2222.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2222",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-2222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/110801",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/110801"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8376",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8376"
},
{
"name" : "https://codex.wordpress.org/Version_4.4.2",
"refsource" : "CONFIRM",
"url" : "https://codex.wordpress.org/Version_4.4.2"
},
{
"name" : "https://core.trac.wordpress.org/changeset/36435",
"refsource" : "CONFIRM",
"url" : "https://core.trac.wordpress.org/changeset/36435"
},
{
"name" : "https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/"
},
{
"name" : "DSA-3472",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3472"
},
{
"name" : "82454",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/82454"
},
{
"name" : "1034933",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034933"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codex.wordpress.org/Version_4.4.2",
"refsource": "CONFIRM",
"url": "https://codex.wordpress.org/Version_4.4.2"
},
{
"name": "1034933",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034933"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8376",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8376"
},
{
"name": "https://core.trac.wordpress.org/changeset/36435",
"refsource": "CONFIRM",
"url": "https://core.trac.wordpress.org/changeset/36435"
},
{
"name": "82454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/82454"
},
{
"name": "https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/"
},
{
"name": "DSA-3472",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3472"
},
{
"name": "https://hackerone.com/reports/110801",
"refsource": "MISC",
"url": "https://hackerone.com/reports/110801"
}
]
}
}

118
2016/2xxx/CVE-2016-2231.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2231",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have unspecified other impact via crafted traffic on TCP port 8701."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://debihiga.wordpress.com/sa-whip/",
"refsource" : "MISC",
"url" : "https://debihiga.wordpress.com/sa-whip/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have unspecified other impact via crafted traffic on TCP port 8701."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://debihiga.wordpress.com/sa-whip/",
"refsource": "MISC",
"url": "https://debihiga.wordpress.com/sa-whip/"
}
]
}
}

128
2016/2xxx/CVE-2016-2298.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2298",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160517 [ICS] Meteocontrol WEB'log Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160517 [ICS] Meteocontrol WEB'log Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
]
}
}

238
2016/6xxx/CVE-2016-6297.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6297",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2016/07/24/2"
},
{
"name" : "http://fortiguard.com/advisory/fortinet-discovers-php-stack-based-buffer-overflow-vulnerabilities",
"refsource" : "MISC",
"url" : "http://fortiguard.com/advisory/fortinet-discovers-php-stack-based-buffer-overflow-vulnerabilities"
},
{
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9",
"refsource" : "CONFIRM",
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9"
},
{
"name" : "http://php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://php.net/ChangeLog-5.php"
},
{
"name" : "http://php.net/ChangeLog-7.php",
"refsource" : "CONFIRM",
"url" : "http://php.net/ChangeLog-7.php"
},
{
"name" : "https://bugs.php.net/72520",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/72520"
},
{
"name" : "https://support.apple.com/HT207170",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207170"
},
{
"name" : "APPLE-SA-2016-09-20",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
},
{
"name" : "DSA-3631",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3631"
},
{
"name" : "GLSA-201611-22",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-22"
},
{
"name" : "RHSA-2016:2750",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name" : "92099",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92099"
},
{
"name" : "1036430",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036430"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2016-09-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
},
{
"name": "GLSA-201611-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "https://bugs.php.net/72520",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/72520"
},
{
"name": "RHSA-2016:2750",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "http://fortiguard.com/advisory/fortinet-discovers-php-stack-based-buffer-overflow-vulnerabilities",
"refsource": "MISC",
"url": "http://fortiguard.com/advisory/fortinet-discovers-php-stack-based-buffer-overflow-vulnerabilities"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "1036430",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036430"
},
{
"name": "DSA-3631",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3631"
},
{
"name": "http://php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-7.php"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9"
},
{
"name": "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2016/07/24/2"
},
{
"name": "https://support.apple.com/HT207170",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207170"
},
{
"name": "92099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92099"
}
]
}
}

158
2016/6xxx/CVE-2016-6301.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-6301",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160803 CVE-2016-6301: busybox: NTP server denial of service flaw",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/08/03/7"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1363710",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1363710"
},
{
"name" : "https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71",
"refsource" : "CONFIRM",
"url" : "https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71"
},
{
"name" : "GLSA-201701-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-05"
},
{
"name" : "92277",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92277"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160803 CVE-2016-6301: busybox: NTP server denial of service flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/03/7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1363710",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1363710"
},
{
"name": "92277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92277"
},
{
"name": "GLSA-201701-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-05"
},
{
"name": "https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71",
"refsource": "CONFIRM",
"url": "https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71"
}
]
}
}

178
2016/6xxx/CVE-2016-6503.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6503",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40196",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40196/"
},
{
"name" : "[oss-security] 20160728 CVE request: Wireshark 2.0.5 and 1.12.13 security releases",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2016/07/28/3"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2016-39.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2016-39.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1"
},
{
"name" : "92162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92162"
},
{
"name" : "1036480",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036480"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160728 CVE request: Wireshark 2.0.5 and 1.12.13 security releases",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2016/07/28/3"
},
{
"name": "92162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92162"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2016-39.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2016-39.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1"
},
{
"name": "1036480",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036480"
},
{
"name": "40196",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40196/"
}
]
}
}

140
2016/6xxx/CVE-2016-6795.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2016-10-18T00:00:00",
"ID" : "CVE-2016-6795",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Struts",
"version" : {
"version_data" : [
{
"version_value" : "2.3.20 - 2.3.30"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Possible path traversal in the Convention plugin"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2016-10-18T00:00:00",
"ID": "CVE-2016-6795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Struts",
"version": {
"version_data": [
{
"version_value": "2.3.20 - 2.3.30"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://struts.apache.org/docs/s2-042.html",
"refsource" : "CONFIRM",
"url" : "https://struts.apache.org/docs/s2-042.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180629-0003/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180629-0003/"
},
{
"name" : "93773",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93773"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Possible path traversal in the Convention plugin"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93773"
},
{
"name": "https://struts.apache.org/docs/s2-042.html",
"refsource": "CONFIRM",
"url": "https://struts.apache.org/docs/s2-042.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180629-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180629-0003/"
}
]
}
}

138
2016/6xxx/CVE-2016-6971.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6971",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name" : "93491",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93491"
},
{
"name" : "1036986",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036986"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "93491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93491"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
}
]
}
}

148
2016/7xxx/CVE-2016-7282.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7282",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Microsoft Browser Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-144",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144"
},
{
"name" : "MS16-145",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145"
},
{
"name" : "94724",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94724"
},
{
"name" : "1037444",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037444"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Microsoft Browser Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94724",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94724"
},
{
"name": "MS16-144",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144"
},
{
"name": "1037444",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037444"
},
{
"name": "MS16-145",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145"
}
]
}
}