admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:48:52 +00:00
parent c64e5b2805
commit 94c30d92ea
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
45 changed files with 3851 additions and 3851 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2006/1xxx/CVE-2006-1704.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1704",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060407 Sire 2.0 Nws Remote File inclusion & Arbitary Files Upload",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430301/100/0/threaded"
},
{
"name" : "17431",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17431"
},
{
"name" : "1015885",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015885"
},
{
"name" : "sire-upload-auth-bypass(25727)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25727"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17431"
},
{
"name": "1015885",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015885"
},
{
"name": "sire-upload-auth-bypass(25727)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25727"
},
{
"name": "20060407 Sire 2.0 Nws Remote File inclusion & Arbitary Files Upload",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430301/100/0/threaded"
}
]
}
}

130
2006/1xxx/CVE-2006-1757.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1757",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060410 Vegadns blind sql injection and cross site scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430474/100/0/threaded"
},
{
"name" : "17433",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17433"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17433",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17433"
},
{
"name": "20060410 Vegadns blind sql injection and cross site scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430474/100/0/threaded"
}
]
}
}

170
2006/1xxx/CVE-2006-1950.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1950",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in PerlCoders BannerFarm 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) aff and (2) cat parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/04/bannerfarm-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/04/bannerfarm-xss-vuln.html"
},
{
"name" : "17613",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17613"
},
{
"name" : "ADV-2006-1410",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1410"
},
{
"name" : "24728",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24728"
},
{
"name" : "19718",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19718"
},
{
"name" : "bannerfarm-banners-xss(25919)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25919"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in PerlCoders BannerFarm 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) aff and (2) cat parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bannerfarm-banners-xss(25919)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25919"
},
{
"name": "24728",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24728"
},
{
"name": "ADV-2006-1410",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1410"
},
{
"name": "17613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17613"
},
{
"name": "http://pridels0.blogspot.com/2006/04/bannerfarm-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/bannerfarm-xss-vuln.html"
},
{
"name": "19718",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19718"
}
]
}
}

160
2006/5xxx/CVE-2006-5077.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5077",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2429",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2429"
},
{
"name" : "20185",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20185"
},
{
"name" : "ADV-2006-3880",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3880"
},
{
"name" : "22256",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22256"
},
{
"name" : "minerva-logging-file-include(29148)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29148"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22256"
},
{
"name": "minerva-logging-file-include(29148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29148"
},
{
"name": "2429",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2429"
},
{
"name": "ADV-2006-3880",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3880"
},
{
"name": "20185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20185"
}
]
}
}

180
2006/5xxx/CVE-2006-5080.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5080",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.sixapart.com/movabletype/news/2006/09/mt_333-mte_103_updates.html",
"refsource" : "MISC",
"url" : "http://www.sixapart.com/movabletype/news/2006/09/mt_333-mte_103_updates.html"
},
{
"name" : "JVN#68295640",
"refsource" : "JVN",
"url" : "http://jvn.jp/jp/JVN%2368295640/index.html"
},
{
"name" : "20228",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20228"
},
{
"name" : "ADV-2006-3779",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3779"
},
{
"name" : "29177",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29177"
},
{
"name" : "22109",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22109"
},
{
"name" : "movabletype-search-xss(29183)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29183"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#68295640",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2368295640/index.html"
},
{
"name": "movabletype-search-xss(29183)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29183"
},
{
"name": "29177",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29177"
},
{
"name": "22109",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22109"
},
{
"name": "ADV-2006-3779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3779"
},
{
"name": "20228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20228"
},
{
"name": "http://www.sixapart.com/movabletype/news/2006/09/mt_333-mte_103_updates.html",
"refsource": "MISC",
"url": "http://www.sixapart.com/movabletype/news/2006/09/mt_333-mte_103_updates.html"
}
]
}
}

200
2006/5xxx/CVE-2006-5354.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5354",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0, racle Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# OHS06."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name" : "TA06-291A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
},
{
"name" : "20588",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20588"
},
{
"name" : "ADV-2006-4065",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4065"
},
{
"name" : "1017077",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017077"
},
{
"name" : "22396",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22396"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0, racle Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# OHS06."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
},
{
"name": "20588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20588"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name": "ADV-2006-4065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4065"
},
{
"name": "22396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22396"
},
{
"name": "1017077",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017077"
},
{
"name": "TA06-291A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
}
]
}
}

190
2006/5xxx/CVE-2006-5875.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5875",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote attackers to execute arbitrary commands via shell metacharacters in an \"SMTP level e-mail address\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-1236",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1236"
},
{
"name" : "[eoc] 20061213 EoC 1.2.4 -- security problem fixed, please upgrade immediately",
"refsource" : "MLIST",
"url" : "http://liw.iki.fi/lists/eoc@liw.iki.fi/msg00366.html"
},
{
"name" : "21572",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21572"
},
{
"name" : "ADV-2006-5000",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5000"
},
{
"name" : "30849",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30849"
},
{
"name" : "23377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23377"
},
{
"name" : "23382",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23382"
},
{
"name" : "eoc-email-shell-command-execution(30923)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30923"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote attackers to execute arbitrary commands via shell metacharacters in an \"SMTP level e-mail address\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23377"
},
{
"name": "23382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23382"
},
{
"name": "DSA-1236",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1236"
},
{
"name": "30849",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30849"
},
{
"name": "eoc-email-shell-command-execution(30923)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30923"
},
{
"name": "[eoc] 20061213 EoC 1.2.4 -- security problem fixed, please upgrade immediately",
"refsource": "MLIST",
"url": "http://liw.iki.fi/lists/eoc@liw.iki.fi/msg00366.html"
},
{
"name": "21572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21572"
},
{
"name": "ADV-2006-5000",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5000"
}
]
}
}

180
2007/2xxx/CVE-2007-2490.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2490",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in LiveData Server before 5.00.62 allows remote attackers to cause a denial of service (exit) via crafted Connection-Oriented Transport Protocol (COTP) packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kb.cert.org/vuls/id/MIMG-6Q3NFD",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/MIMG-6Q3NFD"
},
{
"name" : "VU#711420",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/711420"
},
{
"name" : "23775",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23775"
},
{
"name" : "ADV-2007-1633",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1633"
},
{
"name" : "35530",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35530"
},
{
"name" : "25113",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25113"
},
{
"name" : "livedata-cotp-dos(34029)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34029"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in LiveData Server before 5.00.62 allows remote attackers to cause a denial of service (exit) via crafted Connection-Oriented Transport Protocol (COTP) packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1633",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1633"
},
{
"name": "35530",
"refsource": "OSVDB",
"url": "http://osvdb.org/35530"
},
{
"name": "23775",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23775"
},
{
"name": "VU#711420",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/711420"
},
{
"name": "http://www.kb.cert.org/vuls/id/MIMG-6Q3NFD",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MIMG-6Q3NFD"
},
{
"name": "livedata-cotp-dos(34029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34029"
},
{
"name": "25113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25113"
}
]
}
}

130
2007/2xxx/CVE-2007-2574.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2574",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3859",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3859"
},
{
"name" : "41731",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/41731"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41731",
"refsource": "OSVDB",
"url": "http://osvdb.org/41731"
},
{
"name": "3859",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3859"
}
]
}
}

170
2007/2xxx/CVE-2007-2632.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2632",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[]."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070510 phpMUR Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=117883301207293&w=2"
},
{
"name" : "23917",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23917"
},
{
"name" : "36212",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36212"
},
{
"name" : "36213",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36213"
},
{
"name" : "ADV-2007-1796",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1796"
},
{
"name" : "phpmur-multiple-script-xss(34228)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34228"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[]."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1796",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1796"
},
{
"name": "phpmur-multiple-script-xss(34228)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34228"
},
{
"name": "23917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23917"
},
{
"name": "20070510 phpMUR Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=117883301207293&w=2"
},
{
"name": "36212",
"refsource": "OSVDB",
"url": "http://osvdb.org/36212"
},
{
"name": "36213",
"refsource": "OSVDB",
"url": "http://osvdb.org/36213"
}
]
}
}

190
2007/2xxx/CVE-2007-2657.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2657",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX control in PrecisionID_DataMatrix.DLL allows remote attackers to cause a denial of service via a long argument to the SaveBarCode method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3910",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3910"
},
{
"name" : "http://moaxb.blogspot.com/2007/05/moaxb-12-precisionid-barcode-activex.html",
"refsource" : "MISC",
"url" : "http://moaxb.blogspot.com/2007/05/moaxb-12-precisionid-barcode-activex.html"
},
{
"name" : "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=14",
"refsource" : "MISC",
"url" : "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=14"
},
{
"name" : "23957",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23957"
},
{
"name" : "ADV-2007-1790",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1790"
},
{
"name" : "36012",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36012"
},
{
"name" : "25258",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25258"
},
{
"name" : "precisionid-precisioniddatamatrix-bo(34267)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34267"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX control in PrecisionID_DataMatrix.DLL allows remote attackers to cause a denial of service via a long argument to the SaveBarCode method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1790",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1790"
},
{
"name": "http://moaxb.blogspot.com/2007/05/moaxb-12-precisionid-barcode-activex.html",
"refsource": "MISC",
"url": "http://moaxb.blogspot.com/2007/05/moaxb-12-precisionid-barcode-activex.html"
},
{
"name": "25258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25258"
},
{
"name": "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=14",
"refsource": "MISC",
"url": "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=14"
},
{
"name": "36012",
"refsource": "OSVDB",
"url": "http://osvdb.org/36012"
},
{
"name": "3910",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3910"
},
{
"name": "precisionid-precisioniddatamatrix-bo(34267)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34267"
},
{
"name": "23957",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23957"
}
]
}
}

180
2007/2xxx/CVE-2007-2676.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2676",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3838",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3838"
},
{
"name" : "20070507 TRUE: Open Translation Engine (OTE) 0.7.8 RFI (+ XSS)",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2007-May/001585.html"
},
{
"name" : "23793",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23793"
},
{
"name" : "ADV-2007-1650",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1650"
},
{
"name" : "35591",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35591"
},
{
"name" : "25146",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25146"
},
{
"name" : "ote-header-file-include(34053)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34053"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3838",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3838"
},
{
"name": "35591",
"refsource": "OSVDB",
"url": "http://osvdb.org/35591"
},
{
"name": "23793",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23793"
},
{
"name": "20070507 TRUE: Open Translation Engine (OTE) 0.7.8 RFI (+ XSS)",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2007-May/001585.html"
},
{
"name": "25146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25146"
},
{
"name": "ote-header-file-include(34053)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34053"
},
{
"name": "ADV-2007-1650",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1650"
}
]
}
}

440
2007/2xxx/CVE-2007-2834.json
View File

@ -1,222 +1,222 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2834",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070917 Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow Vulnerabilities",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593"
},
{
"name" : "20070919 FLEA-2007-0056-1 openoffice.org",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/479965/100/0/threaded"
},
{
"name" : "http://www.openoffice.org/security/cves/CVE-2007-2834.html",
"refsource" : "CONFIRM",
"url" : "http://www.openoffice.org/security/cves/CVE-2007-2834.html"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1740",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1740"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=192818",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=192818"
},
{
"name" : "DSA-1375",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1375"
},
{
"name" : "FEDORA-2007-700",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/updates/FEDORA-2007-700.shtml"
},
{
"name" : "FEDORA-2007-2372",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/updates/FEDORA-2007-237.shtml"
},
{
"name" : "GLSA-200710-24",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200710-24.xml"
},
{
"name" : "MDKSA-2007:186",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:186"
},
{
"name" : "RHSA-2007:0848",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0848.html"
},
{
"name" : "102994",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102994-1"
},
{
"name" : "200190",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200190-1"
},
{
"name" : "SUSE-SA:2007:052",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00002.html"
},
{
"name" : "USN-524-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-524-1"
},
{
"name" : "25690",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25690"
},
{
"name" : "oval:org.mitre.oval:def:9967",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9967"
},
{
"name" : "ADV-2007-3184",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3184"
},
{
"name" : "ADV-2007-3262",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3262"
},
{
"name" : "1018702",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018702"
},
{
"name" : "26816",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26816"
},
{
"name" : "26817",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26817"
},
{
"name" : "26839",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26839"
},
{
"name" : "26844",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26844"
},
{
"name" : "26855",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26855"
},
{
"name" : "26861",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26861"
},
{
"name" : "26903",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26903"
},
{
"name" : "26912",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26912"
},
{
"name" : "26891",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26891"
},
{
"name" : "27077",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27077"
},
{
"name" : "27087",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27087"
},
{
"name" : "27370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27370"
},
{
"name" : "openoffice-tiff-bo(36656)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36656"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "200190",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200190-1"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=192818",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=192818"
},
{
"name": "26816",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26816"
},
{
"name": "26839",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26839"
},
{
"name": "USN-524-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-524-1"
},
{
"name": "https://issues.rpath.com/browse/RPL-1740",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1740"
},
{
"name": "26855",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26855"
},
{
"name": "1018702",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018702"
},
{
"name": "102994",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102994-1"
},
{
"name": "SUSE-SA:2007:052",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00002.html"
},
{
"name": "26903",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26903"
},
{
"name": "GLSA-200710-24",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200710-24.xml"
},
{
"name": "20070917 Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593"
},
{
"name": "27370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27370"
},
{
"name": "MDKSA-2007:186",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:186"
},
{
"name": "ADV-2007-3262",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3262"
},
{
"name": "http://www.openoffice.org/security/cves/CVE-2007-2834.html",
"refsource": "CONFIRM",
"url": "http://www.openoffice.org/security/cves/CVE-2007-2834.html"
},
{
"name": "FEDORA-2007-700",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA-2007-700.shtml"
},
{
"name": "RHSA-2007:0848",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0848.html"
},
{
"name": "26844",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26844"
},
{
"name": "26891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26891"
},
{
"name": "20070919 FLEA-2007-0056-1 openoffice.org",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479965/100/0/threaded"
},
{
"name": "27087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27087"
},
{
"name": "25690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25690"
},
{
"name": "oval:org.mitre.oval:def:9967",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9967"
},
{
"name": "ADV-2007-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3184"
},
{
"name": "26861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26861"
},
{
"name": "26817",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26817"
},
{
"name": "DSA-1375",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1375"
},
{
"name": "openoffice-tiff-bo(36656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36656"
},
{
"name": "26912",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26912"
},
{
"name": "27077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27077"
},
{
"name": "FEDORA-2007-2372",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA-2007-237.shtml"
}
]
}
}

120
2007/6xxx/CVE-2007-6011.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6011",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "26178",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26178"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26178"
}
]
}
}

160
2010/0xxx/CVE-2010-0045.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0045",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4070",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4070"
},
{
"name" : "APPLE-SA-2010-03-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
},
{
"name" : "38671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38671"
},
{
"name" : "oval:org.mitre.oval:def:6817",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6817"
},
{
"name" : "1023706",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023706"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-03-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
},
{
"name": "oval:org.mitre.oval:def:6817",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6817"
},
{
"name": "1023706",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023706"
},
{
"name": "http://support.apple.com/kb/HT4070",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4070"
},
{
"name": "38671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38671"
}
]
}
}

420
2010/0xxx/CVE-2010-0176.json
View File

@ -1,212 +1,212 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0176",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a \"dangling pointer vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-18.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-18.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=538308",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=538308"
},
{
"name" : "DSA-2027",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2027"
},
{
"name" : "FEDORA-2010-5526",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html"
},
{
"name" : "FEDORA-2010-5539",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html"
},
{
"name" : "FEDORA-2010-5561",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html"
},
{
"name" : "MDVSA-2010:070",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070"
},
{
"name" : "RHSA-2010:0332",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0332.html"
},
{
"name" : "RHSA-2010:0333",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0333.html"
},
{
"name" : "SUSE-SR:2010:013",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name" : "USN-921-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-921-1"
},
{
"name" : "oval:org.mitre.oval:def:11052",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11052"
},
{
"name" : "oval:org.mitre.oval:def:7222",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7222"
},
{
"name" : "1023776",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023776"
},
{
"name" : "1023782",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023782"
},
{
"name" : "38566",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38566"
},
{
"name" : "39117",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39117"
},
{
"name" : "39136",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39136"
},
{
"name" : "39204",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39204"
},
{
"name" : "39240",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39240"
},
{
"name" : "39242",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39242"
},
{
"name" : "39243",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39243"
},
{
"name" : "39308",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39308"
},
{
"name" : "39397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39397"
},
{
"name" : "ADV-2010-0748",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0748"
},
{
"name" : "ADV-2010-0764",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0764"
},
{
"name" : "ADV-2010-0765",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0765"
},
{
"name" : "ADV-2010-0781",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0781"
},
{
"name" : "ADV-2010-0790",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0790"
},
{
"name" : "ADV-2010-0849",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0849"
},
{
"name" : "firefox-nstreecontentview-code-exec(57392)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57392"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a \"dangling pointer vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "firefox-nstreecontentview-code-exec(57392)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57392"
},
{
"name": "39397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39397"
},
{
"name": "RHSA-2010:0333",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0333.html"
},
{
"name": "39308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39308"
},
{
"name": "39136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39136"
},
{
"name": "oval:org.mitre.oval:def:7222",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7222"
},
{
"name": "oval:org.mitre.oval:def:11052",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11052"
},
{
"name": "ADV-2010-0781",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0781"
},
{
"name": "FEDORA-2010-5561",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html"
},
{
"name": "USN-921-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-921-1"
},
{
"name": "1023776",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023776"
},
{
"name": "1023782",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023782"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-18.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-18.html"
},
{
"name": "ADV-2010-0764",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0764"
},
{
"name": "ADV-2010-0765",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0765"
},
{
"name": "MDVSA-2010:070",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070"
},
{
"name": "FEDORA-2010-5526",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html"
},
{
"name": "38566",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38566"
},
{
"name": "39117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39117"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=538308",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=538308"
},
{
"name": "39243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39243"
},
{
"name": "ADV-2010-0748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0748"
},
{
"name": "ADV-2010-0849",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0849"
},
{
"name": "FEDORA-2010-5539",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html"
},
{
"name": "ADV-2010-0790",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0790"
},
{
"name": "39242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39242"
},
{
"name": "DSA-2027",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2027"
},
{
"name": "RHSA-2010:0332",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0332.html"
},
{
"name": "39240",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39240"
},
{
"name": "39204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39204"
}
]
}
}

130
2010/0xxx/CVE-2010-0325.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0325",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/extensions/repository/view/sb_folderdownload/0.2.3/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/sb_folderdownload/0.2.3/"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/sb_folderdownload/0.2.3/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/sb_folderdownload/0.2.3/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}

120
2010/0xxx/CVE-2010-0347.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0347",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}

180
2010/1xxx/CVE-2010-1457.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1457",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100507 CVE Assignment (gnustep)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/05/07/6"
},
{
"name" : "http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz",
"refsource" : "CONFIRM",
"url" : "http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz"
},
{
"name" : "http://savannah.gnu.org/bugs/?29755",
"refsource" : "CONFIRM",
"url" : "http://savannah.gnu.org/bugs/?29755"
},
{
"name" : "http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336",
"refsource" : "CONFIRM",
"url" : "http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108"
},
{
"name" : "40005",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40005"
},
{
"name" : "39746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39746"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39746"
},
{
"name": "[oss-security] 20100507 CVE Assignment (gnustep)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/05/07/6"
},
{
"name": "http://savannah.gnu.org/bugs/?29755",
"refsource": "CONFIRM",
"url": "http://savannah.gnu.org/bugs/?29755"
},
{
"name": "http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336",
"refsource": "CONFIRM",
"url": "http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336"
},
{
"name": "http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz",
"refsource": "CONFIRM",
"url": "http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz"
},
{
"name": "40005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40005"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108"
}
]
}
}

200
2010/4xxx/CVE-2010-4569.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4569",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://yuilibrary.com/forum/viewtopic.php?p=12923",
"refsource" : "MISC",
"url" : "http://yuilibrary.com/forum/viewtopic.php?p=12923"
},
{
"name" : "http://yuilibrary.com/projects/yui2/ticket/2529228",
"refsource" : "MISC",
"url" : "http://yuilibrary.com/projects/yui2/ticket/2529228"
},
{
"name" : "http://www.bugzilla.org/security/3.2.9/",
"refsource" : "CONFIRM",
"url" : "http://www.bugzilla.org/security/3.2.9/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=619637",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=619637"
},
{
"name" : "45982",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45982"
},
{
"name" : "70701",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70701"
},
{
"name" : "ADV-2011-0207",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0207"
},
{
"name" : "ADV-2011-0271",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0271"
},
{
"name" : "bugzilla-realname-xss(65178)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65178"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=619637",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=619637"
},
{
"name": "45982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45982"
},
{
"name": "http://www.bugzilla.org/security/3.2.9/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.2.9/"
},
{
"name": "ADV-2011-0271",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0271"
},
{
"name": "70701",
"refsource": "OSVDB",
"url": "http://osvdb.org/70701"
},
{
"name": "ADV-2011-0207",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0207"
},
{
"name": "http://yuilibrary.com/projects/yui2/ticket/2529228",
"refsource": "MISC",
"url": "http://yuilibrary.com/projects/yui2/ticket/2529228"
},
{
"name": "http://yuilibrary.com/forum/viewtopic.php?p=12923",
"refsource": "MISC",
"url": "http://yuilibrary.com/forum/viewtopic.php?p=12923"
},
{
"name": "bugzilla-realname-xss(65178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65178"
}
]
}
}

200
2010/4xxx/CVE-2010-4647.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4647",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110106 CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/01/06/7"
},
{
"name" : "[oss-security] 20110106 Re: CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/01/06/16"
},
{
"name" : "http://yehg.net/lab/pr0js/advisories/eclipse/[eclipse_help_server]_cross_site_scripting",
"refsource" : "MISC",
"url" : "http://yehg.net/lab/pr0js/advisories/eclipse/[eclipse_help_server]_cross_site_scripting"
},
{
"name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582",
"refsource" : "MISC",
"url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582"
},
{
"name" : "FEDORA-2010-18990",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html"
},
{
"name" : "FEDORA-2010-19006",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html"
},
{
"name" : "MDVSA-2011:032",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:032"
},
{
"name" : "RHSA-2011:0568",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0568.html"
},
{
"name" : "eclipseide-querystring-xss(64833)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64833"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110106 Re: CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/06/16"
},
{
"name": "RHSA-2011:0568",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0568.html"
},
{
"name": "[oss-security] 20110106 CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/06/7"
},
{
"name": "FEDORA-2010-18990",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html"
},
{
"name": "MDVSA-2011:032",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:032"
},
{
"name": "FEDORA-2010-19006",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html"
},
{
"name": "http://yehg.net/lab/pr0js/advisories/eclipse/[eclipse_help_server]_cross_site_scripting",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/eclipse/[eclipse_help_server]_cross_site_scripting"
},
{
"name": "eclipseide-querystring-xss(64833)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64833"
},
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582",
"refsource": "MISC",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582"
}
]
}
}

190
2010/5xxx/CVE-2010-5091.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5091",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name" : "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name" : "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name" : "http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt",
"refsource" : "MISC",
"url" : "http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt"
},
{
"name" : "http://open.silverstripe.org/ticket/5693",
"refsource" : "MISC",
"url" : "http://open.silverstripe.org/ticket/5693"
},
{
"name" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8",
"refsource" : "CONFIRM",
"url" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8"
},
{
"name" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1",
"refsource" : "CONFIRM",
"url" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
},
{
"name" : "http://open.silverstripe.org/changeset/107273",
"refsource" : "CONFIRM",
"url" : "http://open.silverstripe.org/changeset/107273"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "http://open.silverstripe.org/ticket/5693",
"refsource": "MISC",
"url": "http://open.silverstripe.org/ticket/5693"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt",
"refsource": "MISC",
"url": "http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
},
{
"name": "http://open.silverstripe.org/changeset/107273",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/107273"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8"
}
]
}
}

200
2010/5xxx/CVE-2010-5180.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5180",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
"refsource" : "MISC",
"url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource" : "MISC",
"url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource" : "MISC",
"url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name" : "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource" : "MISC",
"url" : "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource" : "MISC",
"url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name" : "39924",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39924"
},
{
"name" : "67660",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/67660"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
"refsource": "MISC",
"url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name": "39924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39924"
},
{
"name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name": "67660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/67660"
},
{
"name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name": "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource": "MISC",
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
]
}
}

130
2010/5xxx/CVE-2010-5242.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 allows local users to gain privileges via a Trojan horse MtxParhVegasPreview.dll file in the current working directory, as demonstrated by a directory that contains a .sfw file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/",
"refsource" : "MISC",
"url" : "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
},
{
"name" : "41164",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41164"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 allows local users to gain privileges via a Trojan horse MtxParhVegasPreview.dll file in the current working directory, as demonstrated by a directory that contains a .sfw file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/",
"refsource": "MISC",
"url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
},
{
"name": "41164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41164"
}
]
}
}

160
2014/0xxx/CVE-2014-0086.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0086",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1067268",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1067268"
},
{
"name" : "https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757",
"refsource" : "CONFIRM",
"url" : "https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757"
},
{
"name" : "https://issues.jboss.org/browse/RF-13250",
"refsource" : "CONFIRM",
"url" : "https://issues.jboss.org/browse/RF-13250"
},
{
"name" : "RHSA-2014:0335",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0335.html"
},
{
"name" : "57053",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57053"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0335",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0335.html"
},
{
"name": "https://issues.jboss.org/browse/RF-13250",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/RF-13250"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1067268",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067268"
},
{
"name": "https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757",
"refsource": "CONFIRM",
"url": "https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757"
},
{
"name": "57053",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57053"
}
]
}
}

280
2014/0xxx/CVE-2014-0451.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0451",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080"
},
{
"name" : "DSA-2912",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2912"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "GLSA-201502-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name" : "HPSBUX03091",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "HPSBUX03092",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name" : "SSRT101667",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "SSRT101668",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name" : "RHSA-2014:0675",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0675.html"
},
{
"name" : "RHSA-2014:0685",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0685.html"
},
{
"name" : "RHSA-2014:0413",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0413"
},
{
"name" : "RHSA-2014:0414",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name" : "USN-2191-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2191-1"
},
{
"name" : "USN-2187-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2187-1"
},
{
"name" : "66879",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66879"
},
{
"name" : "58415",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58415"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2187-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2187-1"
},
{
"name": "RHSA-2014:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0675.html"
},
{
"name": "RHSA-2014:0414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "USN-2191-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2191-1"
},
{
"name": "HPSBUX03091",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080"
},
{
"name": "RHSA-2014:0413",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0413"
},
{
"name": "SSRT101667",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name": "HPSBUX03092",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name": "RHSA-2014:0685",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0685.html"
},
{
"name": "DSA-2912",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2912"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"name": "66879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66879"
},
{
"name": "58415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58415"
},
{
"name": "SSRT101668",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name": "GLSA-201502-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"
}
]
}
}

130
2014/0xxx/CVE-2014-0745.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0745",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140225 Cisco Unified Contact Center Express Serviceability Page CSRF Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0745"
},
{
"name" : "1029842",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029842"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029842",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029842"
},
{
"name": "20140225 Cisco Unified Contact Center Express Serviceability Page CSRF Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0745"
}
]
}
}

140
2014/0xxx/CVE-2014-0923.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon restart) via crafted MQ Telemetry Transport (MQTT) authentication data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670278",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670278"
},
{
"name" : "IT00582",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00582"
},
{
"name" : "ibm-messagesight-cve20140923-dos(92076)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92076"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon restart) via crafted MQ Telemetry Transport (MQTT) authentication data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-messagesight-cve20140923-dos(92076)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92076"
},
{
"name": "IT00582",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00582"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670278",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670278"
}
]
}
}

170
2014/0xxx/CVE-2014-0965.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0965",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681249",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681249"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"name" : "PI11434",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI11434"
},
{
"name" : "68210",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68210"
},
{
"name" : "ibm-websphere-cve20140965-info-disc(92878)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92878"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"name": "ibm-websphere-cve20140965-info-disc(92878)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92878"
},
{
"name": "68210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68210"
},
{
"name": "PI11434",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI11434"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681249",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681249"
}
]
}
}

200
2014/1xxx/CVE-2014-1590.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1590",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-85.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-85.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1087633",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1087633"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "DSA-3090",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3090"
},
{
"name" : "DSA-3092",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3092"
},
{
"name" : "GLSA-201504-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-01"
},
{
"name" : "openSUSE-SU-2015:0138",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
},
{
"name" : "openSUSE-SU-2015:1266",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name" : "71397",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71397"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-85.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-85.html"
},
{
"name": "openSUSE-SU-2015:0138",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1087633",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1087633"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "71397",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71397"
},
{
"name": "DSA-3090",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3090"
},
{
"name": "openSUSE-SU-2015:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "DSA-3092",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3092"
}
]
}
}

34
2014/1xxx/CVE-2014-1675.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1675",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1675",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/4xxx/CVE-2014-4079.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-052",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052"
},
{
"name" : "69581",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69581"
},
{
"name" : "1030818",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030818"
},
{
"name" : "ms-ie-cve20144079-code-exec(95509)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95509"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69581"
},
{
"name": "1030818",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030818"
},
{
"name": "MS14-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052"
},
{
"name": "ms-ie-cve20144079-code-exec(95509)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95509"
}
]
}
}

160
2014/4xxx/CVE-2014-4337.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4337",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-4337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140619 Re: cups-browsed remote exploit",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/06/19/12"
},
{
"name" : "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194",
"refsource" : "CONFIRM",
"url" : "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name" : "RHSA-2014:1795",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name" : "68122",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68122"
},
{
"name" : "62044",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62044"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1795",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "62044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62044"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "68122",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68122"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
]
}
}

120
2014/4xxx/CVE-2014-4552.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight (spotlightyour) plugin 4.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the paymentType parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://codevigilant.com/disclosure/wp-plugin-spotlightyour-a3-cross-site-scripting-xss",
"refsource" : "MISC",
"url" : "http://codevigilant.com/disclosure/wp-plugin-spotlightyour-a3-cross-site-scripting-xss"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight (spotlightyour) plugin 4.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the paymentType parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://codevigilant.com/disclosure/wp-plugin-spotlightyour-a3-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-spotlightyour-a3-cross-site-scripting-xss"
}
]
}
}

140
2014/4xxx/CVE-2014-4637.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4637",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-4637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150105 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html"
},
{
"name" : "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html"
},
{
"name" : "1031497",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html"
},
{
"name": "20150105 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html"
},
{
"name": "1031497",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031497"
}
]
}
}

130
2014/4xxx/CVE-2014-4962.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4962",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be subtracted from the total cost."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532726/100/0/threaded"
},
{
"name" : "20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jul/38"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be subtracted from the total cost."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532726/100/0/threaded"
},
{
"name": "20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/38"
}
]
}
}

142
2014/9xxx/CVE-2014-9959.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-06-05T00:00:00",
"ID" : "CVE-2014-9959",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android kernel"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-06-05T00:00:00",
"ID": "CVE-2014-9959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name" : "98874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98874"
},
{
"name" : "1038623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "98874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98874"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}

150
2016/3xxx/CVE-2016-3570.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3571, and CVE-2016-3573."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "91884",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91884"
},
{
"name" : "1036393",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036393"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3571, and CVE-2016-3573."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91884"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "1036393",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036393"
}
]
}
}

140
2016/6xxx/CVE-2016-6431.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-6431",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco ASA Software before 9.6(1.5)",
"version" : {
"version_data" : [
{
"version_value" : "Cisco ASA Software before 9.6(1.5)"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system. Note: Only HTTPS packets directed to the Cisco ASA interface, where the local CA is allowing user enrollment, can be used to trigger this vulnerability. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco ASA Software before 9.6(1.5)",
"version": {
"version_data": [
{
"version_value": "Cisco ASA Software before 9.6(1.5)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-ca",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-ca"
},
{
"name" : "93786",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93786"
},
{
"name" : "1037060",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037060"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system. Note: Only HTTPS packets directed to the Cisco ASA interface, where the local CA is allowing user enrollment, can be used to trigger this vulnerability. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93786"
},
{
"name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-ca",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-ca"
},
{
"name": "1037060",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037060"
}
]
}
}

140
2016/7xxx/CVE-2016-7209.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7209",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka \"Microsoft Edge Spoofing Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-129",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129"
},
{
"name" : "94049",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94049"
},
{
"name" : "1037245",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037245"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka \"Microsoft Edge Spoofing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-129",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129"
},
{
"name": "94049",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94049"
},
{
"name": "1037245",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037245"
}
]
}
}

200
2016/7xxx/CVE-2016-7545.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7545",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160925 CVE-2016-7545 -- SELinux sandbox escape",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/25/1"
},
{
"name" : "[selinux] 20160923 [PATCH 2/2] sandbox: create a new session for sandboxed processes",
"refsource" : "MLIST",
"url" : "https://marc.info/?l=selinux&m=147465160112766&w=2"
},
{
"name" : "https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379",
"refsource" : "CONFIRM",
"url" : "https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379"
},
{
"name" : "FEDORA-2016-b7e8e980ef",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPRNK3PWMAVNJZ53YW5GOEOGJSFNAQIF/"
},
{
"name" : "RHSA-2016:2702",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2702.html"
},
{
"name" : "RHSA-2017:0535",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0535.html"
},
{
"name" : "RHSA-2017:0536",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0536.html"
},
{
"name" : "93156",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93156"
},
{
"name" : "1037283",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037283"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0536",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0536.html"
},
{
"name": "[oss-security] 20160925 CVE-2016-7545 -- SELinux sandbox escape",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/25/1"
},
{
"name": "FEDORA-2016-b7e8e980ef",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPRNK3PWMAVNJZ53YW5GOEOGJSFNAQIF/"
},
{
"name": "RHSA-2017:0535",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0535.html"
},
{
"name": "RHSA-2016:2702",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2702.html"
},
{
"name": "93156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93156"
},
{
"name": "1037283",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037283"
},
{
"name": "https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379",
"refsource": "CONFIRM",
"url": "https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379"
},
{
"name": "[selinux] 20160923 [PATCH 2/2] sandbox: create a new session for sandboxed processes",
"refsource": "MLIST",
"url": "https://marc.info/?l=selinux&m=147465160112766&w=2"
}
]
}
}

190
2016/7xxx/CVE-2016-7999.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7999",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/05/17"
},
{
"name" : "[oss-security] 20161007 Re: SPIP vulnerabilities: request for 5 CVE",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/07/5"
},
{
"name" : "[oss-security] 20161008 Re: SPIP vulnerabilities: request for 5 CVE",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/08/6"
},
{
"name" : "[oss-security] 20161012 CVE-2016-7999: SPIP 3.1.2 Server Side Request Forgery",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/12/10"
},
{
"name" : "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/",
"refsource" : "MISC",
"url" : "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/"
},
{
"name" : "https://core.spip.net/projects/spip/repository/revisions/23188",
"refsource" : "CONFIRM",
"url" : "https://core.spip.net/projects/spip/repository/revisions/23188"
},
{
"name" : "https://core.spip.net/projects/spip/repository/revisions/23193",
"refsource" : "CONFIRM",
"url" : "https://core.spip.net/projects/spip/repository/revisions/23193"
},
{
"name" : "93451",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93451"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93451"
},
{
"name": "https://core.spip.net/projects/spip/repository/revisions/23193",
"refsource": "CONFIRM",
"url": "https://core.spip.net/projects/spip/repository/revisions/23193"
},
{
"name": "https://core.spip.net/projects/spip/repository/revisions/23188",
"refsource": "CONFIRM",
"url": "https://core.spip.net/projects/spip/repository/revisions/23188"
},
{
"name": "[oss-security] 20161007 Re: SPIP vulnerabilities: request for 5 CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/07/5"
},
{
"name": "[oss-security] 20161008 Re: SPIP vulnerabilities: request for 5 CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/6"
},
{
"name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
},
{
"name": "[oss-security] 20161012 CVE-2016-7999: SPIP 3.1.2 Server Side Request Forgery",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/12/10"
},
{
"name": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/",
"refsource": "MISC",
"url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/"
}
]
}
}

130
2016/8xxx/CVE-2016-8103.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"ID" : "CVE-2016-8103",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NUC Kits",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
},
"vendor_name" : "Intel"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevated Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2016-8103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NUC Kits",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00057&languageid=en-fr",
"refsource" : "CONFIRM",
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00057&languageid=en-fr"
},
{
"name" : "95012",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95012"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevated Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95012"
},
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00057&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00057&languageid=en-fr"
}
]
}
}

130
2016/8xxx/CVE-2016-8450.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-8450",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32450563. References: QC-CR#880388."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-8450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name" : "95269",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95269"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32450563. References: QC-CR#880388."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "95269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95269"
}
]
}
}

146
2016/8xxx/CVE-2016-8476.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-8476",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-8476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
},
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-02-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-02-01.html"
},
{
"name" : "96047",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96047"
},
{
"name" : "1037798",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037798"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96047"
},
{
"name": "1037798",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037798"
},
{
"name": "https://source.android.com/security/bulletin/2017-02-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-02-01.html"
}
]
}
}