"-Synchronized-Data."

CVE Team 2019-03-18 04:20:39 +00:00
parent 0308f29e4b
commit 8d5180d1d9
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
44 changed files with 3503 additions and 3503 deletions


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0441",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060124 SamiFTPd buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423148/100/0/threaded"
},
{
"name" : "40675",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40675/"
},
{
"name" : "http://www.critical.lt/?vulnerabilities/208",
"refsource" : "MISC",
"url" : "http://www.critical.lt/?vulnerabilities/208"
},
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/sami_ftp_poc.pl",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/sami_ftp_poc.pl"
},
{
"name" : "http://www.karjasoft.com/samiftp/news",
"refsource" : "CONFIRM",
"url" : "http://www.karjasoft.com/samiftp/news"
},
{
"name" : "16370",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16370"
},
{
"name" : "ADV-2006-0317",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0317"
},
{
"name" : "18574",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18574"
},
{
"name" : "samiftpserver-user-bo(24325)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24325"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060124 SamiFTPd buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423148/100/0/threaded"
},
{
"name": "40675",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40675/"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/sami_ftp_poc.pl",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/sami_ftp_poc.pl"
},
{
"name": "http://www.karjasoft.com/samiftp/news",
"refsource": "CONFIRM",
"url": "http://www.karjasoft.com/samiftp/news"
},
{
"name": "http://www.critical.lt/?vulnerabilities/208",
"refsource": "MISC",
"url": "http://www.critical.lt/?vulnerabilities/208"
},
{
"name": "18574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18574"
},
{
"name": "samiftpserver-user-bo(24325)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24325"
},
{
"name": "16370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16370"
},
{
"name": "ADV-2006-0317",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0317"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce CONNECT rules when using Deep Content Inspection, which allows remote attackers to bypass connection filters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.secumind.net/content/french/modules/news/article.php?storyid=8",
"refsource" : "MISC",
"url" : "http://www.secumind.net/content/french/modules/news/article.php?storyid=8"
},
{
"name" : "http://www.bluecoat.com/support/knowledge/advisory_connect_denial_ignore.html",
"refsource" : "CONFIRM",
"url" : "http://www.bluecoat.com/support/knowledge/advisory_connect_denial_ignore.html"
},
{
"name" : "ADV-2006-0401",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0401"
},
{
"name" : "22853",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22853"
},
{
"name" : "1015644",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015644"
},
{
"name" : "18622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18622"
},
{
"name" : "proxysg-connect-bypass-security(24446)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24446"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce CONNECT rules when using Deep Content Inspection, which allows remote attackers to bypass connection filters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22853",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22853"
},
{
"name": "http://www.bluecoat.com/support/knowledge/advisory_connect_denial_ignore.html",
"refsource": "CONFIRM",
"url": "http://www.bluecoat.com/support/knowledge/advisory_connect_denial_ignore.html"
},
{
"name": "18622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18622"
},
{
"name": "1015644",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015644"
},
{
"name": "ADV-2006-0401",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0401"
},
{
"name": "http://www.secumind.net/content/french/modules/news/article.php?storyid=8",
"refsource": "MISC",
"url": "http://www.secumind.net/content/french/modules/news/article.php?storyid=8"
},
{
"name": "proxysg-connect-bypass-security(24446)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24446"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1750",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Autogallery 0.41 allow remote attackers to inject arbitrary web script or HTML via the (1) pic or (2) show parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060411 Autogallery Multiple Cross-Site Scripting Vulnerabilitie",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0220.html"
},
{
"name" : "http://www.elitemexico.org/12.txt",
"refsource" : "MISC",
"url" : "http://www.elitemexico.org/12.txt"
},
{
"name" : "17480",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17480"
},
{
"name" : "ADV-2006-1328",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1328"
},
{
"name" : "19629",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19629"
},
{
"name" : "autogallery-index-xss(25756)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25756"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Autogallery 0.41 allow remote attackers to inject arbitrary web script or HTML via the (1) pic or (2) show parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.elitemexico.org/12.txt",
"refsource": "MISC",
"url": "http://www.elitemexico.org/12.txt"
},
{
"name": "autogallery-index-xss(25756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25756"
},
{
"name": "17480",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17480"
},
{
"name": "20060411 Autogallery Multiple Cross-Site Scripting Vulnerabilitie",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0220.html"
},
{
"name": "19629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19629"
},
{
"name": "ADV-2006-1328",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1328"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5142",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 client and server allows remote attackers to execute arbitrary code via long messages to the CheyenneDS Mailslot."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061005 TSRT-06-12: CA BrightStor Discovery Service Mailslot Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447853/100/100/threaded"
},
{
"name" : "20061006 [CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447839/100/100/threaded"
},
{
"name" : "http://www.tippingpoint.com/security/advisories/TSRT-06-12.html",
"refsource" : "MISC",
"url" : "http://www.tippingpoint.com/security/advisories/TSRT-06-12.html"
},
{
"name" : "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp",
"refsource" : "CONFIRM",
"url" : "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp"
},
{
"name" : "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744",
"refsource" : "CONFIRM",
"url" : "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744"
},
{
"name" : "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744",
"refsource" : "CONFIRM",
"url" : "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744"
},
{
"name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34694",
"refsource" : "CONFIRM",
"url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34694"
},
{
"name" : "20364",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20364"
},
{
"name" : "ADV-2006-3930",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3930"
},
{
"name" : "22283",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22283"
},
{
"name" : "ca-brightstor-discovery-mailslot-bo(29365)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29365"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 client and server allows remote attackers to execute arbitrary code via long messages to the CheyenneDS Mailslot."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ca-brightstor-discovery-mailslot-bo(29365)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29365"
},
{
"name": "http://www.tippingpoint.com/security/advisories/TSRT-06-12.html",
"refsource": "MISC",
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-12.html"
},
{
"name": "20364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20364"
},
{
"name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34694",
"refsource": "CONFIRM",
"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34694"
},
{
"name": "20061005 TSRT-06-12: CA BrightStor Discovery Service Mailslot Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447853/100/100/threaded"
},
{
"name": "ADV-2006-3930",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3930"
},
{
"name": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744",
"refsource": "CONFIRM",
"url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744"
},
{
"name": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744",
"refsource": "CONFIRM",
"url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744"
},
{
"name": "22283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22283"
},
{
"name": "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp"
},
{
"name": "20061006 [CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447839/100/100/threaded"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5245",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eazy Cart allows remote attackers to bypass authentication and gain administrative access via a direct request for admin/home/index.php, and possibly other PHP scripts under admin/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061010 MHL-2006-001 Public Advisory: \"Eazy Cart\" Multiple Security Issues",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448094/100/0/threaded"
},
{
"name" : "http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt",
"refsource" : "MISC",
"url" : "http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt"
},
{
"name" : "http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001",
"refsource" : "MISC",
"url" : "http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001"
},
{
"name" : "1017041",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017041"
},
{
"name" : "22286",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22286"
},
{
"name" : "1717",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1717"
},
{
"name" : "eazycart-admin-authentication-bypass(29419)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29419"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eazy Cart allows remote attackers to bypass authentication and gain administrative access via a direct request for admin/home/index.php, and possibly other PHP scripts under admin/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1717",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1717"
},
{
"name": "eazycart-admin-authentication-bypass(29419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29419"
},
{
"name": "20061010 MHL-2006-001 Public Advisory: \"Eazy Cart\" Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448094/100/0/threaded"
},
{
"name": "http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001",
"refsource": "MISC",
"url": "http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001"
},
{
"name": "1017041",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017041"
},
{
"name": "22286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22286"
},
{
"name": "http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt",
"refsource": "MISC",
"url": "http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5283",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the mostrar parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2519",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2519"
},
{
"name" : "20482",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20482"
},
{
"name" : "ADV-2006-4012",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4012"
},
{
"name" : "22321",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22321"
},
{
"name" : "minichat-ftag-file-include(29474)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29474"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the mostrar parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "minichat-ftag-file-include(29474)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29474"
},
{
"name": "ADV-2006-4012",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4012"
},
{
"name": "22321",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22321"
},
{
"name": "2519",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2519"
},
{
"name": "20482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20482"
}
]
}
}


@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5444",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061018 Security-Assessment.com Advisory: Asterisk remote heap overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449127/100/0/threaded"
},
{
"name" : "20061018 Asterisk remote heap overflow",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html"
},
{
"name" : "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12",
"refsource" : "CONFIRM",
"url" : "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12"
},
{
"name" : "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13",
"refsource" : "CONFIRM",
"url" : "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
},
{
"name" : "http://www.asterisk.org/node/109",
"refsource" : "CONFIRM",
"url" : "http://www.asterisk.org/node/109"
},
{
"name" : "DSA-1229",
"refsource" : "DEBIAN",
"url" : "http://www.us.debian.org/security/2006/dsa-1229"
},
{
"name" : "GLSA-200610-15",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"name" : "OpenPKG-SA-2006.024",
"refsource" : "OPENPKG",
"url" : "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
},
{
"name" : "SUSE-SA:2006:069",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
},
{
"name" : "VU#521252",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/521252"
},
{
"name" : "20617",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20617"
},
{
"name" : "ADV-2006-4097",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4097"
},
{
"name" : "29972",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29972"
},
{
"name" : "1017089",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017089"
},
{
"name" : "22480",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22480"
},
{
"name" : "22651",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22651"
},
{
"name" : "22979",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22979"
},
{
"name" : "23212",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23212"
},
{
"name" : "asterisk-getinput-code-execution(29663)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29663"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22480"
},
{
"name": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
},
{
"name": "DSA-1229",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2006/dsa-1229"
},
{
"name": "GLSA-200610-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"name": "SUSE-SA:2006:069",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
},
{
"name": "20617",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20617"
},
{
"name": "ADV-2006-4097",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4097"
},
{
"name": "22651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22651"
},
{
"name": "29972",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29972"
},
{
"name": "OpenPKG-SA-2006.024",
"refsource": "OPENPKG",
"url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
},
{
"name": "20061018 Asterisk remote heap overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html"
},
{
"name": "23212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23212"
},
{
"name": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12"
},
{
"name": "asterisk-getinput-code-execution(29663)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29663"
},
{
"name": "VU#521252",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/521252"
},
{
"name": "1017089",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017089"
},
{
"name": "22979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22979"
},
{
"name": "http://www.asterisk.org/node/109",
"refsource": "CONFIRM",
"url": "http://www.asterisk.org/node/109"
},
{
"name": "20061018 Security-Assessment.com Advisory: Asterisk remote heap overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449127/100/0/threaded"
}
]
}
}


@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5467",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a \"-\" instead of \"--\" and contains an inconsistent ID."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-5467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[mongrel-users] 20061025 [SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack",
"refsource" : "MLIST",
"url" : "http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=305530",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name" : "APPLE-SA-2007-05-24",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name" : "DSA-1234",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1234"
},
{
"name" : "DSA-1235",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1235"
},
{
"name" : "GLSA-200611-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200611-12.xml"
},
{
"name" : "MDKSA-2006:192",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:192"
},
{
"name" : "OpenPKG-SA-2006.030",
"refsource" : "OPENPKG",
"url" : "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.030-ruby.html"
},
{
"name" : "RHSA-2006:0729",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0729.html"
},
{
"name" : "20061101-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
},
{
"name" : "SUSE-SR:2006:026",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name" : "USN-371-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-371-1"
},
{
"name" : "20777",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20777"
},
{
"name" : "oval:org.mitre.oval:def:10185",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10185"
},
{
"name" : "ADV-2006-4244",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4244"
},
{
"name" : "ADV-2006-4245",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4245"
},
{
"name" : "ADV-2007-1939",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name" : "1017194",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017194"
},
{
"name" : "22615",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22615"
},
{
"name" : "22624",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22624"
},
{
"name" : "22761",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22761"
},
{
"name" : "22929",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22929"
},
{
"name" : "23040",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23040"
},
{
"name" : "23344",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23344"
},
{
"name" : "22932",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22932"
},
{
"name" : "25402",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25402"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a \"-\" instead of \"--\" and contains an inconsistent ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200611-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200611-12.xml"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305530",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name": "22932",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22932"
},
{
"name": "ADV-2007-1939",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name": "23344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23344"
},
{
"name": "22615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22615"
},
{
"name": "OpenPKG-SA-2006.030",
"refsource": "OPENPKG",
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.030-ruby.html"
},
{
"name": "APPLE-SA-2007-05-24",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name": "oval:org.mitre.oval:def:10185",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10185"
},
{
"name": "22761",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22761"
},
{
"name": "25402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25402"
},
{
"name": "SUSE-SR:2006:026",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name": "23040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23040"
},
{
"name": "[mongrel-users] 20061025 [SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack",
"refsource": "MLIST",
"url": "http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html"
},
{
"name": "20777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20777"
},
{
"name": "MDKSA-2006:192",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:192"
},
{
"name": "1017194",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017194"
},
{
"name": "20061101-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
},
{
"name": "DSA-1235",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1235"
},
{
"name": "USN-371-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-371-1"
},
{
"name": "ADV-2006-4244",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4244"
},
{
"name": "RHSA-2006:0729",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0729.html"
},
{
"name": "DSA-1234",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1234"
},
{
"name": "22929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22929"
},
{
"name": "ADV-2006-4245",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4245"
},
{
"name": "22624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22624"
}
]
}
}
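Review bot: The one substantive change in this record appears to be the ASSIGNER value, which goes from `cve@mitre.org` to `secalert@redhat.com`, yet it sits inside a whole-file rewrite that also changes the key separator from `" : "` to `": "` and reorders every entry in `reference_data`. A consumer who diffs these records to catch attribution or reference changes has to re-compare all 26 references by hand to confirm that none was added or dropped. Emitting `reference_data` in a stable order (for example sorted by `refsource`, then `name`) and landing the separator change as its own commit would keep later syncs reviewable. The CVE-2007-2953 and CVE-2010-0120 records further down show the same pattern with `PSIRT-CNA@flexerasoftware.com`. Which side is old and which is new is inferred from the separator style, since the rendered page has lost its +/- markers.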


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5726",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://projects.info-pull.com/mokb/MOKB-04-11-2006.html",
"refsource" : "MISC",
"url" : "http://projects.info-pull.com/mokb/MOKB-04-11-2006.html"
},
{
"name" : "20919",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20919"
},
{
"name" : "ADV-2006-4357",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4357"
},
{
"name" : "22714",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22714"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://projects.info-pull.com/mokb/MOKB-04-11-2006.html",
"refsource": "MISC",
"url": "http://projects.info-pull.com/mokb/MOKB-04-11-2006.html"
},
{
"name": "22714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22714"
},
{
"name": "ADV-2006-4357",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4357"
},
{
"name": "20919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20919"
}
]
}
}


@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2175",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the \"PWN 2 0WN\" contest at CanSecWest 2007."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070501 ZDI-07-023: Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/467319/100/0/threaded"
},
{
"name" : "http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow",
"refsource" : "MISC",
"url" : "http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow"
},
{
"name" : "http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/",
"refsource" : "MISC",
"url" : "http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/"
},
{
"name" : "http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/",
"refsource" : "MISC",
"url" : "http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/"
},
{
"name" : "http://www.theregister.co.uk/2007/04/20/pwn-2-own_winner/",
"refsource" : "MISC",
"url" : "http://www.theregister.co.uk/2007/04/20/pwn-2-own_winner/"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-023.html",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-023.html"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=305446",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=305446"
},
{
"name" : "APPLE-SA-2007-05-01",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/May/msg00001.html"
},
{
"name" : "VU#420668",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/420668"
},
{
"name" : "34178",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/34178"
},
{
"name" : "1017950",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017950"
},
{
"name" : "quicktime-unspecified-code-execution(33827)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33827"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the \"PWN 2 0WN\" contest at CanSecWest 2007."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-023.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-023.html"
},
{
"name": "http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow",
"refsource": "MISC",
"url": "http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow"
},
{
"name": "quicktime-unspecified-code-execution(33827)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33827"
},
{
"name": "1017950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017950"
},
{
"name": "APPLE-SA-2007-05-01",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00001.html"
},
{
"name": "http://www.theregister.co.uk/2007/04/20/pwn-2-own_winner/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2007/04/20/pwn-2-own_winner/"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305446",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305446"
},
{
"name": "20070501 ZDI-07-023: Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467319/100/0/threaded"
},
{
"name": "http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/",
"refsource": "MISC",
"url": "http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/"
},
{
"name": "34178",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34178"
},
{
"name": "VU#420668",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/420668"
},
{
"name": "http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/",
"refsource": "MISC",
"url": "http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2399",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an \"invalid type conversion\", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=305759",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=305759"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=306173",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=306173"
},
{
"name" : "APPLE-SA-2007-06-22",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html"
},
{
"name" : "VU#389868",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/389868"
},
{
"name" : "24597",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24597"
},
{
"name" : "36130",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36130"
},
{
"name" : "36450",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36450"
},
{
"name" : "ADV-2007-2296",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2296"
},
{
"name" : "ADV-2007-2316",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2316"
},
{
"name" : "ADV-2007-2731",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2731"
},
{
"name" : "1018281",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018281"
},
{
"name" : "25786",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25786"
},
{
"name" : "26287",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26287"
},
{
"name" : "macos-framesets-code-execution(35019)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35019"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an \"invalid type conversion\", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2316"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306173",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306173"
},
{
"name": "APPLE-SA-2007-06-22",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html"
},
{
"name": "25786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25786"
},
{
"name": "36130",
"refsource": "OSVDB",
"url": "http://osvdb.org/36130"
},
{
"name": "36450",
"refsource": "OSVDB",
"url": "http://osvdb.org/36450"
},
{
"name": "24597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24597"
},
{
"name": "26287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26287"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305759",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305759"
},
{
"name": "macos-framesets-code-execution(35019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35019"
},
{
"name": "ADV-2007-2731",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2731"
},
{
"name": "VU#389868",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/389868"
},
{
"name": "1018281",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018281"
},
{
"name": "ADV-2007-2296",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2296"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2517",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2517",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2707",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3923",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3923"
},
{
"name" : "23982",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23982"
},
{
"name" : "ADV-2007-1826",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1826"
},
{
"name" : "36050",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36050"
},
{
"name" : "25271",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25271"
},
{
"name" : "linksnetnewsfeed-linkslogrss-file-include(34297)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34297"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3923",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3923"
},
{
"name": "ADV-2007-1826",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1826"
},
{
"name": "23982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23982"
},
{
"name": "25271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25271"
},
{
"name": "36050",
"refsource": "OSVDB",
"url": "http://osvdb.org/36050"
},
{
"name": "linksnetnewsfeed-linkslogrss-file-include(34297)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34297"
}
]
}
}


@ -1,217 +1,217 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2953",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-2953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070730 FLEA-2007-0036-1 vim vim-minimal gvim",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/475076/100/100/threaded"
},
{
"name" : "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2007-66/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2007-66/advisory/"
},
{
"name" : "ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1595",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1595"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0004.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
},
{
"name" : "DSA-1364",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1364"
},
{
"name" : "MDKSA-2007:168",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:168"
},
{
"name" : "MDVSA-2008:236",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name" : "RHSA-2008:0617",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
},
{
"name" : "RHSA-2008:0580",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name" : "SUSE-SR:2007:018",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"name" : "2007-0026",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2007/0026/"
},
{
"name" : "USN-505-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-505-1"
},
{
"name" : "20070823 vim editor duplicates / clarifications",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-August/001770.html"
},
{
"name" : "25095",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25095"
},
{
"name" : "oval:org.mitre.oval:def:11549",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11549"
},
{
"name" : "oval:org.mitre.oval:def:6463",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6463"
},
{
"name" : "32858",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32858"
},
{
"name" : "ADV-2007-2687",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2687"
},
{
"name" : "ADV-2009-0033",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0033"
},
{
"name" : "25941",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25941"
},
{
"name" : "26285",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26285"
},
{
"name" : "26594",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26594"
},
{
"name" : "26653",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26653"
},
{
"name" : "26674",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26674"
},
{
"name" : "26822",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26822"
},
{
"name" : "26522",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26522"
},
{
"name" : "33410",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33410"
},
{
"name" : "ADV-2009-0904",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0904"
},
{
"name" : "vim-helptagsone-code-execution(35655)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35655"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
},
{
"name": "25095",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25095"
},
{
"name": "26822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26822"
},
{
"name": "MDKSA-2007:168",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:168"
},
{
"name": "26522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26522"
},
{
"name": "26285",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26285"
},
{
"name": "https://issues.rpath.com/browse/RPL-1595",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1595"
},
{
"name": "26594",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26594"
},
{
"name": "25941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25941"
},
{
"name": "32858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32858"
},
{
"name": "33410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33410"
},
{
"name": "USN-505-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-505-1"
},
{
"name": "RHSA-2008:0580",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "20070730 FLEA-2007-0036-1 vim vim-minimal gvim",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475076/100/100/threaded"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
},
{
"name": "ADV-2007-2687",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2687"
},
{
"name": "ADV-2009-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0904"
},
{
"name": "ADV-2009-0033",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0033"
},
{
"name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:6463",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6463"
},
{
"name": "2007-0026",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "DSA-1364",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1364"
},
{
"name": "SUSE-SR:2007:018",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"name": "http://secunia.com/secunia_research/2007-66/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-66/advisory/"
},
{
"name": "26653",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26653"
},
{
"name": "20070823 vim editor duplicates / clarifications",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-August/001770.html"
},
{
"name": "oval:org.mitre.oval:def:11549",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11549"
},
{
"name": "vim-helptagsone-code-execution(35655)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35655"
},
{
"name": "MDVSA-2008:236",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name": "26674",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26674"
},
{
"name": "ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039",
"refsource": "CONFIRM",
"url": "ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039"
},
{
"name": "RHSA-2008:0617",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0120",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-0120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2010-8/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-8/"
},
{
"name" : "http://service.real.com/realplayer/security/08262010_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/08262010_player/en/"
},
{
"name" : "oval:org.mitre.oval:def:6807",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6807"
},
{
"name" : "1024370",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024370"
},
{
"name" : "41096",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41096"
},
{
"name" : "41154",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41154"
},
{
"name" : "ADV-2010-2216",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2216"
},
{
"name" : "realplayer-qcp-audio-bo(61422)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61422"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2216"
},
{
"name": "41096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41096"
},
{
"name": "oval:org.mitre.oval:def:6807",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6807"
},
{
"name": "http://secunia.com/secunia_research/2010-8/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-8/"
},
{
"name": "realplayer-qcp-audio-bo(61422)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61422"
},
{
"name": "http://service.real.com/realplayer/security/08262010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/08262010_player/en/"
},
{
"name": "1024370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024370"
},
{
"name": "41154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41154"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0471",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the comment submission interface (includes/comment.php) in Enano CMS before 1.0.6pl1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://enanocms.org/Release_notes/1.0.6pl1",
"refsource" : "CONFIRM",
"url" : "http://enanocms.org/Release_notes/1.0.6pl1"
},
{
"name" : "61974",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/61974"
},
{
"name" : "38253",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38253"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the comment submission interface (includes/comment.php) in Enano CMS before 1.0.6pl1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61974",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/61974"
},
{
"name": "38253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38253"
},
{
"name": "http://enanocms.org/Release_notes/1.0.6pl1",
"refsource": "CONFIRM",
"url": "http://enanocms.org/Release_notes/1.0.6pl1"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1954",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12287",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12287"
},
{
"name" : "39552",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39552"
},
{
"name" : "39531",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39531"
},
{
"name" : "ADV-2010-0928",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0928"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12287",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12287"
},
{
"name": "ADV-2010-0928",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0928"
},
{
"name": "39531",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39531"
},
{
"name": "39552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39552"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cloudscan.blogspot.com/2010/09/vendorsmarterstats-bug-cross-site.html",
"refsource" : "MISC",
"url" : "http://cloudscan.blogspot.com/2010/09/vendorsmarterstats-bug-cross-site.html"
},
{
"name" : "67895",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/67895"
},
{
"name" : "41389",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41389"
},
{
"name" : "smarterstats-frmhelp-xss(61724)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61724"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41389",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41389"
},
{
"name": "http://cloudscan.blogspot.com/2010/09/vendorsmarterstats-bug-cross-site.html",
"refsource": "MISC",
"url": "http://cloudscan.blogspot.com/2010/09/vendorsmarterstats-bug-cross-site.html"
},
{
"name": "67895",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/67895"
},
{
"name": "smarterstats-frmhelp-xss(61724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61724"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3635",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to execute arbitrary code via unspecified vectors, related to a \"segmentation fault vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-3635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-27.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-27.html"
},
{
"name" : "44753",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44753"
},
{
"name" : "oval:org.mitre.oval:def:11333",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11333"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to execute arbitrary code via unspecified vectors, related to a \"segmentation fault vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11333",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11333"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-27.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-27.html"
},
{
"name": "44753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44753"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4209",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514622"
},
{
"name" : "[oss-security] 20101107 Re: CVE request: moodle 1.9.10",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"name" : "http://www.bugzilla.org/security/3.2.8/",
"refsource" : "CONFIRM",
"url" : "http://www.bugzilla.org/security/3.2.8/"
},
{
"name" : "http://yuilibrary.com/support/2.8.2/",
"refsource" : "CONFIRM",
"url" : "http://yuilibrary.com/support/2.8.2/"
},
{
"name" : "FEDORA-2010-17235",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"name" : "FEDORA-2010-17274",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"name" : "FEDORA-2010-17280",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"name" : "SUSE-SR:2010:021",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name" : "44420",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44420"
},
{
"name" : "1024683",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024683"
},
{
"name" : "41955",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41955"
},
{
"name" : "42271",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42271"
},
{
"name" : "ADV-2010-2878",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2878"
},
{
"name" : "ADV-2010-2975",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2975"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-17280",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"name": "http://yuilibrary.com/support/2.8.2/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/2.8.2/"
},
{
"name": "ADV-2010-2878",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"name": "20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"name": "http://www.bugzilla.org/security/3.2.8/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"name": "FEDORA-2010-17274",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"name": "41955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41955"
},
{
"name": "1024683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024683"
},
{
"name": "44420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44420"
},
{
"name": "SUSE-SR:2010:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "FEDORA-2010-17235",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"name": "ADV-2010-2975",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"name": "[oss-security] 20101107 Re: CVE request: moodle 1.9.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"name": "42271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42271"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4214",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Wells Fargo Mobile application 1.1 for Android stores a username and password, along with account balances, in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://news.cnet.com/8301-27080_3-20021874-245.html",
"refsource" : "MISC",
"url" : "http://news.cnet.com/8301-27080_3-20021874-245.html"
},
{
"name" : "http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html",
"refsource" : "MISC",
"url" : "http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html"
},
{
"name" : "http://viaforensics.com/appwatchdog/wells-fargo-android.html",
"refsource" : "MISC",
"url" : "http://viaforensics.com/appwatchdog/wells-fargo-android.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Wells Fargo Mobile application 1.1 for Android stores a username and password, along with account balances, in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://viaforensics.com/appwatchdog/wells-fargo-android.html",
"refsource": "MISC",
"url": "http://viaforensics.com/appwatchdog/wells-fargo-android.html"
},
{
"name": "http://news.cnet.com/8301-27080_3-20021874-245.html",
"refsource": "MISC",
"url": "http://news.cnet.com/8301-27080_3-20021874-245.html"
},
{
"name": "http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html",
"refsource": "MISC",
"url": "http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html"
}
]
}
}


@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4468",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-4468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"
},
{
"name" : "HPSBMU02797",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "SSRT100867",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "RHSA-2011:0282",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0282.html"
},
{
"name" : "RHSA-2011:0880",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
},
{
"name" : "46393",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46393"
},
{
"name" : "oval:org.mitre.oval:def:12848",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12848"
},
{
"name" : "oval:org.mitre.oval:def:13552",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13552"
},
{
"name" : "44954",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44954"
},
{
"name" : "oracle-java-jdbc-unspecified(65409)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65409"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "oval:org.mitre.oval:def:12848",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12848"
},
{
"name": "oracle-java-jdbc-unspecified(65409)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65409"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"
},
{
"name": "44954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44954"
},
{
"name": "46393",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46393"
},
{
"name": "RHSA-2011:0880",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
},
{
"name": "RHSA-2011:0282",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html"
},
{
"name": "oval:org.mitre.oval:def:13552",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13552"
},
{
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4962",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/extensions/repository/view/webkitpdf/1.1.4/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/webkitpdf/1.1.4/"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name" : "42381",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42381"
},
{
"name" : "webkit-unspecified-command-execution(61058)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61058"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "http://typo3.org/extensions/repository/view/webkitpdf/1.1.4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/webkitpdf/1.1.4/"
},
{
"name": "webkit-unspecified-command-execution(61058)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61058"
},
{
"name": "42381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42381"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0059",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2014:0563",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0563.html"
},
{
"name" : "RHSA-2014:0564",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0564.html"
},
{
"name" : "RHSA-2014:0565",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0565.html"
},
{
"name" : "RHSA-2015:0675",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name" : "RHSA-2015:0850",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
},
{
"name" : "RHSA-2015:0851",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0565",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0565.html"
},
{
"name": "RHSA-2015:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "RHSA-2015:0850",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
},
{
"name": "RHSA-2014:0563",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0563.html"
},
{
"name": "RHSA-2015:0851",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
},
{
"name": "RHSA-2014:0564",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0564.html"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0970",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject links via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677304",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677304"
},
{
"name" : "ibm-imdm-cve20140970-link-inj(92950)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92950"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject links via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677304",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677304"
},
{
"name": "ibm-imdm-cve20140970-link-inj(92950)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92950"
}
]
}
}
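Review bot: The `ASSIGNER` field for CVE-2014-0970 appears to change from `cve@mitre.org` to `psirt@us.ibm.com`, and it is the only value in this section that differs; every other line is the same text with the space before the colon removed. A provenance change like this is easy to miss under that much formatting churn, and the commit title does not mention it. I would land the spacing normalisation as its own commit and keep data changes separate, or at least list the records whose assigner changed in the description. The CVE-2016-3568 section shows the same pattern, with `ASSIGNER` becoming `secalert_us@oracle.com`.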


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4553",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4553",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4679",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4679",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8261",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8261",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8704",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://rossmarks.uk/portfolio.php",
"refsource" : "MISC",
"url" : "http://rossmarks.uk/portfolio.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rossmarks.uk/portfolio.php",
"refsource": "MISC",
"url": "http://rossmarks.uk/portfolio.php"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9095",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140717 Raritan PowerIQ v4.10 and v4.2.1 Unauthenticated SQL injection and possible RCE",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jul/79"
},
{
"name" : "http://packetstormsecurity.com/files/127525/Raritan-PowerIQ-Unauthenticated-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127525/Raritan-PowerIQ-Unauthenticated-SQL-Injection.html"
},
{
"name" : "68722",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68722"
},
{
"name" : "60138",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127525/Raritan-PowerIQ-Unauthenticated-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127525/Raritan-PowerIQ-Unauthenticated-SQL-Injection.html"
},
{
"name": "60138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60138"
},
{
"name": "20140717 Raritan PowerIQ v4.10 and v4.2.1 Unauthenticated SQL injection and possible RCE",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/79"
},
{
"name": "68722",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68722"
}
]
}
}
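Review bot: The four `reference_data` entries for CVE-2014-9095 come out in a different order (FULLDISC, MISC, BID, SECUNIA in the first copy; MISC, SECUNIA, FULLDISC, BID in the second) although their names and URLs are identical. An unstable order makes every sync look like a change to the references and hides real additions or removals from anyone diffing the feed. If the export tool allows it, emit the entries in a stable order, for example sorted by `refsource` and then `url`. The same reordering shows up in the CVE-2014-9583, CVE-2014-9717, CVE-2016-3150, CVE-2016-3415 and CVE-2016-3568 sections.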


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9583",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35688",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35688"
},
{
"name" : "44524",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44524/"
},
{
"name" : "http://packetstormsecurity.com/files/129815/ASUSWRT-3.0.0.4.376_1071-LAN-Backdoor-Command-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129815/ASUSWRT-3.0.0.4.376_1071-LAN-Backdoor-Command-Execution.html"
},
{
"name" : "https://github.com/jduck/asus-cmd",
"refsource" : "MISC",
"url" : "https://github.com/jduck/asus-cmd"
},
{
"name" : "https://support.t-mobile.com/docs/DOC-21994",
"refsource" : "CONFIRM",
"url" : "https://support.t-mobile.com/docs/DOC-21994"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35688",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35688"
},
{
"name": "44524",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44524/"
},
{
"name": "https://support.t-mobile.com/docs/DOC-21994",
"refsource": "CONFIRM",
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"name": "https://github.com/jduck/asus-cmd",
"refsource": "MISC",
"url": "https://github.com/jduck/asus-cmd"
},
{
"name": "http://packetstormsecurity.com/files/129815/ASUSWRT-3.0.0.4.376_1071-LAN-Backdoor-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129815/ASUSWRT-3.0.0.4.376_1071-LAN-Backdoor-Command-Execution.html"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9717",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[containers] 20150402 [PATCH review 0/19] Locked mount and loopback mount fixes",
"refsource" : "MLIST",
"url" : "http://www.spinics.net/lists/linux-containers/msg30786.html"
},
{
"name" : "[linux-kernel] 20141007 [PATCH] mnt: don't allow to detach the namespace root",
"refsource" : "MLIST",
"url" : "https://groups.google.com/forum/message/raw?msg=linux.kernel/HnegnbXk0Vs/RClojwJzAFEJ"
},
{
"name" : "[oss-security] 20150417 USERNS allows circumventing MNT_LOCKED",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/04/17/4"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1226751",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1226751"
},
{
"name" : "https://github.com/torvalds/linux/commit/ce07d891a0891d3c0d0c2d73d577490486b809e1",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/ce07d891a0891d3c0d0c2d73d577490486b809e1"
},
{
"name" : "SUSE-SU-2016:1690",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name" : "SUSE-SU-2016:1696",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name" : "SUSE-SU-2016:1937",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
},
{
"name" : "74226",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74226"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "https://github.com/torvalds/linux/commit/ce07d891a0891d3c0d0c2d73d577490486b809e1",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/ce07d891a0891d3c0d0c2d73d577490486b809e1"
},
{
"name": "[oss-security] 20150417 USERNS allows circumventing MNT_LOCKED",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/17/4"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1226751",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1226751"
},
{
"name": "[linux-kernel] 20141007 [PATCH] mnt: don't allow to detach the namespace root",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=linux.kernel/HnegnbXk0Vs/RClojwJzAFEJ"
},
{
"name": "[containers] 20150402 [PATCH review 0/19] Locked mount and loopback mount fixes",
"refsource": "MLIST",
"url": "http://www.spinics.net/lists/linux-containers/msg30786.html"
},
{
"name": "74226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74226"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2"
},
{
"name": "SUSE-SU-2016:1937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9858",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9858",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3150",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20161114 Multiple vulnerabilities in Barco Clickshare",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/539754/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html"
},
{
"name" : "94330",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94330"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html"
},
{
"name": "20161114 Multiple vulnerabilities in Barco Clickshare",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539754/100/0/threaded"
},
{
"name": "94330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94330"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3415",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource" : "CONFIRM",
"url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource" : "CONFIRM",
"url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name" : "95917",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95917"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95917"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3568",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3569, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "91876",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91876"
},
{
"name" : "1036393",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036393"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3569, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91876"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "1036393",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036393"
}
]
}
}


@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6100",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Atlas Policy Suite",
"version" : {
"version_data" : [
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.3.1"
},
{
"version_value" : "6.0.3.2"
},
{
"version_value" : "6.0.3.3"
},
{
"version_value" : "6.0.3.4"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000771."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlas Policy Suite",
"version": {
"version_data": [
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.3.1"
},
{
"version_value": "6.0.3.2"
},
{
"version_value": "6.0.3.3"
},
{
"version_value": "6.0.3.4"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22000771",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22000771"
},
{
"name" : "97326",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97326"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000771."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22000771",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000771"
},
{
"name": "97326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97326"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6159",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending \"special packages\" to the LAN interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160907-01-ws331a-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160907-01-ws331a-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending \"special packages\" to the LAN interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160907-01-ws331a-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160907-01-ws331a-en"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6214",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160713 Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/13/5"
},
{
"name" : "[oss-security] 20160713 Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/13/12"
},
{
"name" : "https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7",
"refsource" : "CONFIRM",
"url" : "https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7"
},
{
"name" : "https://github.com/libgd/libgd/issues/247#issuecomment-232084241",
"refsource" : "CONFIRM",
"url" : "https://github.com/libgd/libgd/issues/247#issuecomment-232084241"
},
{
"name" : "https://libgd.github.io/release-2.2.3.html",
"refsource" : "CONFIRM",
"url" : "https://libgd.github.io/release-2.2.3.html"
},
{
"name" : "DSA-3619",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3619"
},
{
"name" : "openSUSE-SU-2016:2363",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
},
{
"name" : "openSUSE-SU-2016:2117",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
},
{
"name" : "USN-3060-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3060-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:2117",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
},
{
"name": "https://libgd.github.io/release-2.2.3.html",
"refsource": "CONFIRM",
"url": "https://libgd.github.io/release-2.2.3.html"
},
{
"name": "openSUSE-SU-2016:2363",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
},
{
"name": "https://github.com/libgd/libgd/issues/247#issuecomment-232084241",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/issues/247#issuecomment-232084241"
},
{
"name": "https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7"
},
{
"name": "[oss-security] 20160713 Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/12"
},
{
"name": "[oss-security] 20160713 Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/5"
},
{
"name": "USN-3060-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3060-1"
},
{
"name": "DSA-3619",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3619"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7294",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7294",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7341",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7341",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7524",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7524",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2016-8236",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ThinkServer RD350, RD450, RD550, RD650, TD350",
"version" : {
"version_data" : [
{
"version_value" : "lower than 3.77"
}
]
}
}
]
},
"vendor_name" : "Lenovo Group Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Reset of ThinkServer TSM to defaults"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2016-8236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinkServer RD350, RD450, RD550, RD650, TD350",
"version": {
"version_data": [
{
"version_value": "lower than 3.77"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.lenovo.com/us/en/solutions/LEN-9307",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-9307"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reset of ThinkServer TSM to defaults"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-9307",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-9307"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8690",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160823 Fuzzing jasper",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/08/23/6"
},
{
"name" : "[oss-security] 20161015 Re: Fuzzing jasper",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/16/14"
},
{
"name" : "[debian-lts-announce] 20181121 [SECURITY] [DLA 1583-1] jasper security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html"
},
{
"name" : "https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1385499",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1385499"
},
{
"name" : "https://github.com/mdadams/jasper/commit/8f62b4761711d036fd8964df256b938c809b7fca",
"refsource" : "CONFIRM",
"url" : "https://github.com/mdadams/jasper/commit/8f62b4761711d036fd8964df256b938c809b7fca"
},
{
"name" : "FEDORA-2016-6c789ba91d",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/"
},
{
"name" : "RHSA-2017:1208",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name" : "93590",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93590"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-6c789ba91d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/"
},
{
"name": "https://github.com/mdadams/jasper/commit/8f62b4761711d036fd8964df256b938c809b7fca",
"refsource": "CONFIRM",
"url": "https://github.com/mdadams/jasper/commit/8f62b4761711d036fd8964df256b938c809b7fca"
},
{
"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1583-1] jasper security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html"
},
{
"name": "https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/"
},
{
"name": "RHSA-2017:1208",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name": "93590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93590"
},
{
"name": "[oss-security] 20160823 Fuzzing jasper",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/23/6"
},
{
"name": "[oss-security] 20161015 Re: Fuzzing jasper",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/14"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1385499",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385499"
}
]
}
}