admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:22:30 +00:00
parent fc40cca8ac
commit 86427b9519
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3489 additions and 3489 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2006/5xxx/CVE-2006-5203.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5203",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the \"Manage Forums\" link in the Admin control panel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061004 Invision Power Board Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447710/100/0/threaded"
},
{
"name" : "ipb-description-xss(29352)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29352"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the \"Manage Forums\" link in the Admin control panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ipb-description-xss(29352)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29352"
},
{
"name": "20061004 Invision Power Board Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded"
}
]
}
}

190
2006/5xxx/CVE-2006-5243.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5243",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Doc 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_file.php, and (5) lib_form_file.php in sw/lib_up_file/; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified PHP scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061009 [ECHO_ADV_49$2006]OpenDock Easy Doc <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448010/100/0/threaded"
},
{
"name" : "http://advisories.echo.or.id/adv/adv49-theday-2006.txt",
"refsource" : "MISC",
"url" : "http://advisories.echo.or.id/adv/adv49-theday-2006.txt"
},
{
"name" : "20407",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20407"
},
{
"name" : "ADV-2006-3971",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3971"
},
{
"name" : "1017022",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017022"
},
{
"name" : "22334",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22334"
},
{
"name" : "1715",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1715"
},
{
"name" : "opendock-doc-directory-file-include(29404)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29404"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Doc 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_file.php, and (5) lib_form_file.php in sw/lib_up_file/; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified PHP scripts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "opendock-doc-directory-file-include(29404)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29404"
},
{
"name": "1715",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1715"
},
{
"name": "ADV-2006-3971",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3971"
},
{
"name": "1017022",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017022"
},
{
"name": "http://advisories.echo.or.id/adv/adv49-theday-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv49-theday-2006.txt"
},
{
"name": "20407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20407"
},
{
"name": "22334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22334"
},
{
"name": "20061009 [ECHO_ADV_49$2006]OpenDock Easy Doc <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448010/100/0/threaded"
}
]
}
}

170
2006/5xxx/CVE-2006-5285.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5285",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in XeoPort 0.81, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the xp_body_text parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061012 XeoPort <= 0.81 SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448424/100/0/threaded"
},
{
"name" : "20061012 XeoPort <= 0.81 SQL Injection Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=116062269104422&w=2"
},
{
"name" : "20475",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20475"
},
{
"name" : "1017055",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017055"
},
{
"name" : "1735",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1735"
},
{
"name" : "xeoport-index-sql-injection(29479)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29479"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in XeoPort 0.81, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the xp_body_text parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20475",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20475"
},
{
"name": "1017055",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017055"
},
{
"name": "1735",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1735"
},
{
"name": "20061012 XeoPort <= 0.81 SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448424/100/0/threaded"
},
{
"name": "20061012 XeoPort <= 0.81 SQL Injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=116062269104422&w=2"
},
{
"name": "xeoport-index-sql-injection(29479)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29479"
}
]
}
}

160
2006/5xxx/CVE-2006-5519.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5519",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2613",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2613"
},
{
"name" : "20667",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20667"
},
{
"name" : "ADV-2006-4150",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4150"
},
{
"name" : "22521",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22521"
},
{
"name" : "mambweather-savant2-file-include(29697)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29697"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20667",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20667"
},
{
"name": "ADV-2006-4150",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4150"
},
{
"name": "2613",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2613"
},
{
"name": "22521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22521"
},
{
"name": "mambweather-savant2-file-include(29697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29697"
}
]
}
}

140
2006/5xxx/CVE-2006-5709.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5709",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a \"JavaScript exploit.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://files.altn.com/MDaemon/Release/RelNotes_en.txt",
"refsource" : "CONFIRM",
"url" : "http://files.altn.com/MDaemon/Release/RelNotes_en.txt"
},
{
"name" : "ADV-2006-4251",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4251"
},
{
"name" : "22507",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22507"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a \"JavaScript exploit.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22507"
},
{
"name": "http://files.altn.com/MDaemon/Release/RelNotes_en.txt",
"refsource": "CONFIRM",
"url": "http://files.altn.com/MDaemon/Release/RelNotes_en.txt"
},
{
"name": "ADV-2006-4251",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4251"
}
]
}
}

190
2006/5xxx/CVE-2006-5930.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5930",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) _basicfunctions.php, or (2) pageactionauthor.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061112 Web Interface remote file inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451354"
},
{
"name" : "2777",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2777"
},
{
"name" : "21038",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21038"
},
{
"name" : "ADV-2006-4497",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4497"
},
{
"name" : "30377",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30377"
},
{
"name" : "30378",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30378"
},
{
"name" : "22862",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22862"
},
{
"name" : "1868",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1868"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) _basicfunctions.php, or (2) pageactionauthor.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30377",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30377"
},
{
"name": "ADV-2006-4497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4497"
},
{
"name": "30378",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30378"
},
{
"name": "21038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21038"
},
{
"name": "22862",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22862"
},
{
"name": "2777",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2777"
},
{
"name": "20061112 Web Interface remote file inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451354"
},
{
"name": "1868",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1868"
}
]
}
}

150
2007/2xxx/CVE-2007-2079.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3738",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3738"
},
{
"name" : "23491",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23491"
},
{
"name" : "41594",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/41594"
},
{
"name" : "xampp-mssqlconnect-bo(33683)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33683"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xampp-mssqlconnect-bo(33683)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33683"
},
{
"name": "41594",
"refsource": "OSVDB",
"url": "http://osvdb.org/41594"
},
{
"name": "3738",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3738"
},
{
"name": "23491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23491"
}
]
}
}

210
2007/2xxx/CVE-2007-2119.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2119",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070418 Advisory: XSS Vulnerability in Oracle Secure Enterprise Search [SES01]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/466156/100/0/threaded"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_css_ses.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_css_ses.html"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name" : "TA07-108A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-108A.html"
},
{
"name" : "23532",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23532"
},
{
"name" : "ADV-2007-1426",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1426"
},
{
"name" : "1017927",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017927"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA07-108A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-108A.html"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_css_ses.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_css_ses.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html"
},
{
"name": "20070418 Advisory: XSS Vulnerability in Oracle Secure Enterprise Search [SES01]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466156/100/0/threaded"
},
{
"name": "23532",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23532"
},
{
"name": "1017927",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017927"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name": "ADV-2007-1426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1426"
}
]
}
}

170
2007/2xxx/CVE-2007-2644.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3899",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3899"
},
{
"name" : "http://moaxb.blogspot.com/2007/05/morovia-barcode-activex-professional.html",
"refsource" : "MISC",
"url" : "http://moaxb.blogspot.com/2007/05/morovia-barcode-activex-professional.html"
},
{
"name" : "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=13",
"refsource" : "MISC",
"url" : "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=13"
},
{
"name" : "23934",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23934"
},
{
"name" : "37786",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37786"
},
{
"name" : "morovia-activex-save-code-execution(34248)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34248"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=13",
"refsource": "MISC",
"url": "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=13"
},
{
"name": "http://moaxb.blogspot.com/2007/05/morovia-barcode-activex-professional.html",
"refsource": "MISC",
"url": "http://moaxb.blogspot.com/2007/05/morovia-barcode-activex-professional.html"
},
{
"name": "3899",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3899"
},
{
"name": "37786",
"refsource": "OSVDB",
"url": "http://osvdb.org/37786"
},
{
"name": "morovia-activex-save-code-execution(34248)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34248"
},
{
"name": "23934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23934"
}
]
}
}

170
2007/2xxx/CVE-2007-2935.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2935",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3998",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3998"
},
{
"name" : "http://www.fundanemt.org/newsarchive/?number=23",
"refsource" : "CONFIRM",
"url" : "http://www.fundanemt.org/newsarchive/?number=23"
},
{
"name" : "24185",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24185"
},
{
"name" : "36657",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36657"
},
{
"name" : "25421",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25421"
},
{
"name" : "fundanemt-spellcheck-command-execution(34543)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34543"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "fundanemt-spellcheck-command-execution(34543)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34543"
},
{
"name": "25421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25421"
},
{
"name": "3998",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3998"
},
{
"name": "24185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24185"
},
{
"name": "http://www.fundanemt.org/newsarchive/?number=23",
"refsource": "CONFIRM",
"url": "http://www.fundanemt.org/newsarchive/?number=23"
},
{
"name": "36657",
"refsource": "OSVDB",
"url": "http://osvdb.org/36657"
}
]
}
}

200
2007/2xxx/CVE-2007-2971.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2971",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080418 Powered by gCards v1.46 SQL",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=120880332905213&w=2"
},
{
"name" : "20080421 Re: Powered by gCards v1.46 SQL",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=120881500629066&w=2"
},
{
"name" : "3988",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3988"
},
{
"name" : "24175",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24175"
},
{
"name" : "ADV-2007-1961",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1961"
},
{
"name" : "36317",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36317"
},
{
"name" : "25452",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25452"
},
{
"name" : "gcards-getnewsitem-sql-injection(34529)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34529"
},
{
"name" : "gcards-newsid-sql-injection(41927)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41927"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080418 Powered by gCards v1.46 SQL",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=120880332905213&w=2"
},
{
"name": "3988",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3988"
},
{
"name": "20080421 Re: Powered by gCards v1.46 SQL",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=120881500629066&w=2"
},
{
"name": "24175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24175"
},
{
"name": "36317",
"refsource": "OSVDB",
"url": "http://osvdb.org/36317"
},
{
"name": "ADV-2007-1961",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1961"
},
{
"name": "gcards-getnewsitem-sql-injection(34529)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34529"
},
{
"name": "25452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25452"
},
{
"name": "gcards-newsid-sql-injection(41927)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41927"
}
]
}
}

170
2007/2xxx/CVE-2007-2987.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2987",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) DebugMsgLog or (2) DoFileProperties methods."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#603529",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/603529"
},
{
"name" : "24217",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24217"
},
{
"name" : "24274",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24274"
},
{
"name" : "ADV-2007-1977",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1977"
},
{
"name" : "36715",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36715"
},
{
"name" : "25473",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25473"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) DebugMsgLog or (2) DoFileProperties methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24217"
},
{
"name": "36715",
"refsource": "OSVDB",
"url": "http://osvdb.org/36715"
},
{
"name": "24274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24274"
},
{
"name": "ADV-2007-1977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1977"
},
{
"name": "VU#603529",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/603529"
},
{
"name": "25473",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25473"
}
]
}
}

140
2010/0xxx/CVE-2010-0157.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0157",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt"
},
{
"name" : "37583",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37583"
},
{
"name" : "37896",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37896"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37583"
},
{
"name": "37896",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37896"
},
{
"name": "http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt"
}
]
}
}

140
2010/0xxx/CVE-2010-0445.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0445",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, 8.12, and 8.13 allows remote attackers to execute arbitrary commands via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-0445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02484",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=126582291202560&w=2"
},
{
"name" : "SSRT090076",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=126582291202560&w=2"
},
{
"name" : "38528",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38528"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, 8.12, and 8.13 allows remote attackers to execute arbitrary commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38528"
},
{
"name": "SSRT090076",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=126582291202560&w=2"
},
{
"name": "HPSBMA02484",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=126582291202560&w=2"
}
]
}
}

160
2010/0xxx/CVE-2010-0978.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0978",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1001-exploits/kmsoftgb-disclose.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1001-exploits/kmsoftgb-disclose.txt"
},
{
"name" : "11005",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11005"
},
{
"name" : "61487",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61487"
},
{
"name" : "38076",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38076"
},
{
"name" : "kmsoft-guestbok-db-info-disclosure(55376)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55376"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38076"
},
{
"name": "http://packetstormsecurity.org/1001-exploits/kmsoftgb-disclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1001-exploits/kmsoftgb-disclose.txt"
},
{
"name": "kmsoft-guestbok-db-info-disclosure(55376)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55376"
},
{
"name": "61487",
"refsource": "OSVDB",
"url": "http://osvdb.org/61487"
},
{
"name": "11005",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11005"
}
]
}
}

34
2010/1xxx/CVE-2010-1564.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1564",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1564. Reason: This candidate is a duplicate of CVE-2009-1564. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2009-1564 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-1564",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1564. Reason: This candidate is a duplicate of CVE-2009-1564. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2009-1564 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

140
2010/1xxx/CVE-2010-1857.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1857",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prod parameter in a products.details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "TA10-159B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name" : "38907",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38907"
},
{
"name" : "39043",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39043"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prod parameter in a products.details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38907"
},
{
"name": "39043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39043"
},
{
"name": "TA10-159B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
]
}
}

170
2010/5xxx/CVE-2010-5002.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5002",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100707 Exponent Slideshow XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512224/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.org/1007-exploits/exponentcms-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1007-exploits/exponentcms-xss.txt"
},
{
"name" : "41447",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41447"
},
{
"name" : "36703",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36703"
},
{
"name" : "8485",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8485"
},
{
"name" : "exponentcms-slideshowjs-xss(60168)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60168"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8485",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8485"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/exponentcms-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/exponentcms-xss.txt"
},
{
"name": "41447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41447"
},
{
"name": "20100707 Exponent Slideshow XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512224/100/0/threaded"
},
{
"name": "exponentcms-slideshowjs-xss(60168)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60168"
},
{
"name": "36703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36703"
}
]
}
}

150
2010/5xxx/CVE-2010-5084.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5084",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.madirish.net/?article=471",
"refsource" : "MISC",
"url" : "http://www.madirish.net/?article=471"
},
{
"name" : "http://e107.org/comment.php?comment.news.872",
"refsource" : "CONFIRM",
"url" : "http://e107.org/comment.php?comment.news.872"
},
{
"name" : "1024351",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024351"
},
{
"name" : "41034",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41034"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.madirish.net/?article=471",
"refsource": "MISC",
"url": "http://www.madirish.net/?article=471"
},
{
"name": "http://e107.org/comment.php?comment.news.872",
"refsource": "CONFIRM",
"url": "http://e107.org/comment.php?comment.news.872"
},
{
"name": "1024351",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024351"
},
{
"name": "41034",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41034"
}
]
}
}

120
2010/5xxx/CVE-2010-5316.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5316",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a top_height cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.com/advisory/HTB22667",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB22667"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a top_height cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB22667",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB22667"
}
]
}
}

130
2014/0xxx/CVE-2014-0152.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0152",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://gerrit.ovirt.org/#/c/25959/",
"refsource" : "CONFIRM",
"url" : "http://gerrit.ovirt.org/#/c/25959/"
},
{
"name" : "http://www.ovirt.org/Security_advisories",
"refsource" : "CONFIRM",
"url" : "http://www.ovirt.org/Security_advisories"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://gerrit.ovirt.org/#/c/25959/",
"refsource": "CONFIRM",
"url": "http://gerrit.ovirt.org/#/c/25959/"
},
{
"name": "http://www.ovirt.org/Security_advisories",
"refsource": "CONFIRM",
"url": "http://www.ovirt.org/Security_advisories"
}
]
}
}

170
2014/0xxx/CVE-2014-0281.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0281",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0287."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-0281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-010",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010"
},
{
"name" : "65381",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65381"
},
{
"name" : "103180",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/103180"
},
{
"name" : "1029741",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029741"
},
{
"name" : "56796",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56796"
},
{
"name" : "ms-ie-cve20140281-code-exec(90771)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90773"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0287."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-010",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010"
},
{
"name": "ms-ie-cve20140281-code-exec(90771)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90773"
},
{
"name": "1029741",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029741"
},
{
"name": "56796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56796"
},
{
"name": "103180",
"refsource": "OSVDB",
"url": "http://osvdb.org/103180"
},
{
"name": "65381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65381"
}
]
}
}

130
2014/0xxx/CVE-2014-0529.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0529",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2014-0529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://helpx.adobe.com/security/products/reader/apsb14-15.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/reader/apsb14-15.html"
},
{
"name" : "67362",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67362"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67362"
},
{
"name": "http://helpx.adobe.com/security/products/reader/apsb14-15.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/reader/apsb14-15.html"
}
]
}
}

120
2014/0xxx/CVE-2014-0709.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0709",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140219 Cisco UCS Director Default Credentials Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140219 Cisco UCS Director Default Credentials Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd"
}
]
}
}

170
2014/0xxx/CVE-2014-0866.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0866",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532598/100/0/threaded"
},
{
"name" : "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jun/173"
},
{
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt"
},
{
"name" : "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675881",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675881"
},
{
"name" : "ibm-aclm-cve20140866-plaintext(90940)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90940"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html"
},
{
"name": "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532598/100/0/threaded"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675881",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675881"
},
{
"name": "ibm-aclm-cve20140866-plaintext(90940)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90940"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt"
},
{
"name": "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jun/173"
}
]
}
}

34
2014/1xxx/CVE-2014-1622.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1622",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1622",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/4xxx/CVE-2014-4153.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4153",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-207/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-207/"
},
{
"name" : "http://forums.alienvault.com/discussion/2806",
"refsource" : "CONFIRM",
"url" : "http://forums.alienvault.com/discussion/2806"
},
{
"name" : "59112",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59112"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.alienvault.com/discussion/2806",
"refsource": "CONFIRM",
"url": "http://forums.alienvault.com/discussion/2806"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-207/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-207/"
},
{
"name": "59112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59112"
}
]
}
}

180
2014/4xxx/CVE-2014-4230.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4230",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI, a different vulnerability than CVE-2014-2468."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name" : "68604",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68604"
},
{
"name" : "1030585",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030585"
},
{
"name" : "oracle-cpujul2014-cve20144230(94583)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94583"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI, a different vulnerability than CVE-2014-2468."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "68604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68604"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "oracle-cpujul2014-cve20144230(94583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94583"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "1030585",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030585"
}
]
}
}

34
2014/4xxx/CVE-2014-4273.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4273",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-4273",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

160
2014/4xxx/CVE-2014-4430.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4430",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/HT6535",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6535"
},
{
"name" : "APPLE-SA-2014-10-16-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name" : "70628",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70628"
},
{
"name" : "1031063",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031063"
},
{
"name" : "macosx-cve20144430-sec-bypass(97639)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97639"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "macosx-cve20144430-sec-bypass(97639)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97639"
},
{
"name": "70628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70628"
},
{
"name": "APPLE-SA-2014-10-16-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "1031063",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031063"
},
{
"name": "https://support.apple.com/kb/HT6535",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6535"
}
]
}
}

130
2014/4xxx/CVE-2014-4865.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 allows remote attackers to hijack the authentication of arbitrary users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140911 CSRF vulnerabilities in CacheGuard-OS v5.7.7 (CVE-2014-4865)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Sep/38"
},
{
"name" : "VU#241508",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/241508"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 allows remote attackers to hijack the authentication of arbitrary users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140911 CSRF vulnerabilities in CacheGuard-OS v5.7.7 (CVE-2014-4865)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/38"
},
{
"name": "VU#241508",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/241508"
}
]
}
}

34
2014/5xxx/CVE-2014-5312.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5312",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5312",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/5xxx/CVE-2014-5671.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5671",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Super Stickman Golf (aka com.noodlecake.ssg) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#591297",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/591297"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Super Stickman Golf (aka com.noodlecake.ssg) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#591297",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/591297"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

180
2014/9xxx/CVE-2014-9714.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9714",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddx_serialize_value function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
"refsource" : "MLIST",
"url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
},
{
"name" : "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/04/01/1"
},
{
"name" : "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/04/07/3"
},
{
"name" : "https://github.com/facebook/hhvm/commit/324701c9fd31beb4f070f1b7ef78b115fbdfec34",
"refsource" : "CONFIRM",
"url" : "https://github.com/facebook/hhvm/commit/324701c9fd31beb4f070f1b7ef78b115fbdfec34"
},
{
"name" : "https://github.com/facebook/hhvm/issues/4283",
"refsource" : "CONFIRM",
"url" : "https://github.com/facebook/hhvm/issues/4283"
},
{
"name" : "https://phabricator.wikimedia.org/T85851",
"refsource" : "CONFIRM",
"url" : "https://phabricator.wikimedia.org/T85851"
},
{
"name" : "74061",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74061"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddx_serialize_value function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74061"
},
{
"name": "https://phabricator.wikimedia.org/T85851",
"refsource": "CONFIRM",
"url": "https://phabricator.wikimedia.org/T85851"
},
{
"name": "https://github.com/facebook/hhvm/commit/324701c9fd31beb4f070f1b7ef78b115fbdfec34",
"refsource": "CONFIRM",
"url": "https://github.com/facebook/hhvm/commit/324701c9fd31beb4f070f1b7ef78b115fbdfec34"
},
{
"name": "https://github.com/facebook/hhvm/issues/4283",
"refsource": "CONFIRM",
"url": "https://github.com/facebook/hhvm/issues/4283"
},
{
"name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
},
{
"name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
},
{
"name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
}
]
}
}

132
2014/9xxx/CVE-2014-9975.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-07-01T00:00:00",
"ID" : "CVE-2014-9975",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Authentication in TrustZone"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-07-01T00:00:00",
"ID": "CVE-2014-9975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-07-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name" : "99467",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99467"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication in TrustZone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "99467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99467"
}
]
}
}

140
2016/3xxx/CVE-2016-3345.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Authenticated Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-114",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-114"
},
{
"name" : "92859",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92859"
},
{
"name" : "1036803",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036803"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Authenticated Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92859"
},
{
"name": "1036803",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036803"
},
{
"name": "MS16-114",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-114"
}
]
}
}

150
2016/3xxx/CVE-2016-3545.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3545",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Web based help screens."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "91882",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91882"
},
{
"name" : "1036403",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036403"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Web based help screens."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91882"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "1036403",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036403"
}
]
}
}

130
2016/3xxx/CVE-2016-3757.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3757",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237. NOTE: print_maps is not related to the Vic Abell lsof product."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name" : "https://android.googlesource.com/platform/system/core/+/ae18eb014609948a40e22192b87b10efc680daa7",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/system/core/+/ae18eb014609948a40e22192b87b10efc680daa7"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237. NOTE: print_maps is not related to the Vic Abell lsof product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/system/core/+/ae18eb014609948a40e22192b87b10efc680daa7",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/system/core/+/ae18eb014609948a40e22192b87b10efc680daa7"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}

120
2016/7xxx/CVE-2016-7507.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7507",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/glpi-project/glpi/issues/2483",
"refsource" : "CONFIRM",
"url" : "https://github.com/glpi-project/glpi/issues/2483"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/glpi-project/glpi/issues/2483",
"refsource": "CONFIRM",
"url": "https://github.com/glpi-project/glpi/issues/2483"
}
]
}
}

140
2016/7xxx/CVE-2016-7904.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7904",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dev.cmsmadesimple.org/project/changelog/5392",
"refsource" : "MISC",
"url" : "http://dev.cmsmadesimple.org/project/changelog/5392"
},
{
"name" : "http://www.openwall.com/lists/oss-security/2017/01/16/1",
"refsource" : "MISC",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/16/1"
},
{
"name" : "95453",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95453"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2017/01/16/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/01/16/1"
},
{
"name": "95453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95453"
},
{
"name": "http://dev.cmsmadesimple.org/project/changelog/5392",
"refsource": "MISC",
"url": "http://dev.cmsmadesimple.org/project/changelog/5392"
}
]
}
}

130
2016/7xxx/CVE-2016-7964.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7964",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/splitbrain/dokuwiki/issues/1708",
"refsource" : "CONFIRM",
"url" : "https://github.com/splitbrain/dokuwiki/issues/1708"
},
{
"name" : "94245",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94245"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94245"
},
{
"name": "https://github.com/splitbrain/dokuwiki/issues/1708",
"refsource": "CONFIRM",
"url": "https://github.com/splitbrain/dokuwiki/issues/1708"
}
]
}
}

34
2016/8xxx/CVE-2016-8049.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8049",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8049",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2016/8xxx/CVE-2016-8286.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2016-8286",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "GLSA-201701-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-01"
},
{
"name" : "93745",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93745"
},
{
"name" : "1037050",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037050"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201701-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-01"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "93745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93745"
},
{
"name": "1037050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037050"
}
]
}
}

146
2016/8xxx/CVE-2016-8329.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2016-8329",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PeopleSoft Enterprise PT PeopleTools",
"version" : {
"version_data" : [
{
"version_value" : "8.54"
},
{
"version_value" : "8.55"
}
]
}
}
]
},
"vendor_name" : "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Mobile Application Platform). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_value": "8.54"
},
{
"version_value": "8.55"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name" : "95495",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95495"
},
{
"name" : "1037634",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037634"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Mobile Application Platform). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037634",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037634"
},
{
"name": "95495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95495"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}

34
2016/8xxx/CVE-2016-8833.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8833",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8833",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

150
2016/9xxx/CVE-2016-9118.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9118",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/uclouvain/openjpeg/issues/861",
"refsource" : "MISC",
"url" : "https://github.com/uclouvain/openjpeg/issues/861"
},
{
"name" : "DSA-4013",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-4013"
},
{
"name" : "GLSA-201710-26",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-26"
},
{
"name" : "93976",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93976"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"name": "https://github.com/uclouvain/openjpeg/issues/861",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/issues/861"
},
{
"name": "DSA-4013",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-4013"
},
{
"name": "93976",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93976"
}
]
}
}

150
2016/9xxx/CVE-2016-9120.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9120",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-9120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9590232bb4f4cc824f3425a6e1349afbe6d6d2b7",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9590232bb4f4cc824f3425a6e1349afbe6d6d2b7"
},
{
"name" : "http://source.android.com/security/bulletin/2016-12-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name" : "https://github.com/torvalds/linux/commit/9590232bb4f4cc824f3425a6e1349afbe6d6d2b7",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/9590232bb4f4cc824f3425a6e1349afbe6d6d2b7"
},
{
"name" : "94669",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94669"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/9590232bb4f4cc824f3425a6e1349afbe6d6d2b7",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/9590232bb4f4cc824f3425a6e1349afbe6d6d2b7"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9590232bb4f4cc824f3425a6e1349afbe6d6d2b7",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9590232bb4f4cc824f3425a6e1349afbe6d6d2b7"
},
{
"name": "94669",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94669"
},
{
"name": "http://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-12-01.html"
}
]
}
}

202
2016/9xxx/CVE-2016-9594.json
View File

@ -1,103 +1,103 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2016-9594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "curl",
"version" : {
"version_data" : [
{
"version_value" : "curl 7.52.1"
}
]
}
}
]
},
"vendor_name" : ""
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
],
[
{
"vectorString" : "4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-665"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "curl",
"version": {
"version_data": [
{
"version_value": "curl 7.52.1"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9594",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9594"
},
{
"name" : "https://curl.haxx.se/docs/adv_20161223.html",
"refsource" : "CONFIRM",
"url" : "https://curl.haxx.se/docs/adv_20161223.html"
},
{
"name" : "https://www.tenable.com/security/tns-2017-04",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2017-04"
},
{
"name" : "GLSA-201701-47",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-47"
},
{
"name" : "95094",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95094"
},
{
"name" : "1037528",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037528"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95094"
},
{
"name": "https://curl.haxx.se/docs/adv_20161223.html",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/docs/adv_20161223.html"
},
{
"name": "https://www.tenable.com/security/tns-2017-04",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name": "1037528",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037528"
},
{
"name": "GLSA-201701-47",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-47"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9594",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9594"
}
]
}
}

140
2019/2xxx/CVE-2019-2493.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2493",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PeopleSoft Enterprise CS Campus Community",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "9.0"
},
{
"version_affected" : "=",
"version_value" : "9.2"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). Supported versions that are affected are 9.0 and 9.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CS Campus Community accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise CS Campus Community",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.0"
},
{
"version_affected": "=",
"version_value": "9.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106610",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106610"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). Supported versions that are affected are 9.0 and 9.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CS Campus Community accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106610"
}
]
}
}

140
2019/2xxx/CVE-2019-2500.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2500",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "5.2.24"
},
{
"version_affected" : "<",
"version_value" : "6.0.2"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.2.24"
},
{
"version_affected": "<",
"version_value": "6.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106568",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106568"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106568"
}
]
}
}

34
2019/2xxx/CVE-2019-2834.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2834",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2834",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}